-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[branch-2.10][improve][build] Upgrade dependencies to reduce CVE. #20162
Conversation
Do we need to update the notice file? |
yes, updated |
/pulsarbot run-failure-checks |
@Technoboy- Please don't do this type of PRs that aren't in the master branch. Maintenance will be a mess if we continue with this type of approach. Each dependency (or group of related dependencies) should be upgraded separately as well. We don't want these PRs that are bundles of multiple commits. If you want to trigger the CI tests, that can be achieved by manually triggering the pipeline in GitHub Actions UI. It's probably not supported in all maintenance branches at the moment. In those cases, it's possible to use a PR that isn't merged and is only for triggering the tests. |
Motivation
Upgrade the jetty server version to avoid CVE-2023-26048
Upgrade kotlin version to avoid CVE-2022-24329
Documentation
doc
doc-required
doc-not-needed
doc-complete