Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[branch-2.10][improve][build] Upgrade dependencies to reduce CVE. #20162

Merged
merged 3 commits into from
Apr 22, 2023
Merged

[branch-2.10][improve][build] Upgrade dependencies to reduce CVE. #20162

merged 3 commits into from
Apr 22, 2023

Conversation

Technoboy-
Copy link
Contributor

@Technoboy- Technoboy- commented Apr 21, 2023
edited
Loading

Motivation

Upgrade the jetty server version to avoid CVE-2023-26048
Upgrade kotlin version to avoid CVE-2022-24329

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@Technoboy- Technoboy- changed the title [improve][build] Upgrade dependencies to reduce CVE. [branch-2.10][improve][build] Upgrade dependencies to reduce CVE. Apr 21, 2023
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Apr 21, 2023
@codelipenghui
Copy link
Contributor

Do we need to update the notice file?

@Technoboy-
Copy link
Contributor Author

Do we need to update the notice file?

yes, updated

@Technoboy- Technoboy- self-assigned this Apr 22, 2023
@codelipenghui
Copy link
Contributor

/pulsarbot run-failure-checks

@Technoboy- Technoboy- merged commit d86e168 into apache:branch-2.10 Apr 22, 2023
Technoboy- added a commit to Technoboy-/pulsar that referenced this pull request May 5, 2023
@Technoboy-
[improve][build] Upgrade dependencies to reduce CVE. (apache#20162)
635a353
@Technoboy- Technoboy- mentioned this pull request May 5, 2023
Merged
4 tasks
Technoboy- added a commit to Technoboy-/pulsar that referenced this pull request May 5, 2023
@Technoboy-
[improve][build] Upgrade dependencies to reduce CVE. (apache#20162)
b0decbf
@Technoboy- Technoboy- mentioned this pull request May 5, 2023
Merged
4 tasks
Technoboy- added a commit to Technoboy-/pulsar that referenced this pull request May 5, 2023
@Technoboy-
[improve][build] Upgrade dependencies to reduce CVE. (apache#20162)
fe8060d
This was referenced May 5, 2023
Merged
Closed
Technoboy- added a commit to Technoboy-/pulsar that referenced this pull request May 6, 2023
@Technoboy-
[improve][build] Upgrade dependencies to reduce CVE. (apache#20162)
ec147e9
@lhotari
Copy link
Member

lhotari commented Jun 2, 2023

@Technoboy- Please don't do this type of PRs that aren't in the master branch. Maintenance will be a mess if we continue with this type of approach. Each dependency (or group of related dependencies) should be upgraded separately as well. We don't want these PRs that are bundles of multiple commits. If you want to trigger the CI tests, that can be achieved by manually triggering the pipeline in GitHub Actions UI. It's probably not supported in all maintenance branches at the moment. In those cases, it's possible to use a PR that isn't merged and is only for triggering the tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codelipenghui codelipenghui codelipenghui approved these changes

Assignees

@Technoboy- Technoboy-

Labels
cherry-picked/branch-2.10 doc-not-needed Your PR changes do not impact docs ready-to-test release/2.10.5
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@Technoboy- @codelipenghui @lhotari @liangyepianzhou