You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/06/22 21:12:50 UTC

[GitHub] [pulsar] lhotari opened a new pull request #11025: [Security] Exclude grpc-okhttp dependency and set okhttp3 & okio version

lhotari opened a new pull request #11025:
URL: https://github.com/apache/pulsar/pull/11025


   ### Motivation
   
   - okhttp 2.7.4 dependency causes Pulsar to be flagged as vulnerable.
     this dependency is pulled in by the unnecessary grpc-okhttp dependency.
   
   ### Modifications
   
   - exclude grprc-okhttp and it's transitive dependencies
   
   - set okhttp3 and okio versions in dependency management since the okio versio
     changed when exclusions were added.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] sijie merged pull request #11025: [Security] Exclude grpc-okhttp dependency and set okhttp3 & okio version

Posted by GitBox <gi...@apache.org>.

sijie merged pull request #11025:
URL: https://github.com/apache/pulsar/pull/11025


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org