Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/07/01 05:16:00 UTC

[GitHub] [pulsar] tisonkun opened a new pull request, #16318: [improve][deploy] Bump maven-dependency-plugin to 3.3.0

tisonkun opened a new pull request, #16318:
URL: https://github.com/apache/pulsar/pull/16318

   ### Motivation
   
   So that we can work with JDK17; otherwise, it will fail with "Unsupported class file major version 61".
   
   ### Modifications
   
   Bump maven-dependency-plugin to 3.3.0
   
   ### Verifying this change
   
   - [x] Make sure that the change passes the CI checks.
   
   ### Document
   
   - [x] `doc-not-needed` 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [pulsar] tisonkun commented on pull request #16318: [improve][dependency] Bump maven-dependency-plugin to 3.3.0

Posted by GitBox <gi...@apache.org>.
tisonkun commented on PR #16318:
URL: https://github.com/apache/pulsar/pull/16318#issuecomment-1172297246

   @nicoloboschi I think we can merge this patch anyway? And do you think I should create an issue about the OWASP failure?




[GitHub] [pulsar] tisonkun commented on pull request #16318: [improve][dependency] Bump maven-dependency-plugin to 3.3.0

Posted by GitBox <gi...@apache.org>.
tisonkun commented on PR #16318:
URL: https://github.com/apache/pulsar/pull/16318#issuecomment-1172149317

   @hangc0276 could you re-trigger the label job? Besides, I think the OWASP issue is not a regression of this patch and we may handle it in another pass.




[GitHub] [pulsar] nicoloboschi merged pull request #16318: [improve][dependency] Bump maven-dependency-plugin to 3.3.0

Posted by GitBox <gi...@apache.org>.
nicoloboschi merged PR #16318:
URL: https://github.com/apache/pulsar/pull/16318




[GitHub] [pulsar] tisonkun commented on pull request #16318: [improve][dependency] Bump maven-dependency-plugin to 3.3.0

Posted by GitBox <gi...@apache.org>.
tisonkun commented on PR #16318:
URL: https://github.com/apache/pulsar/pull/16318#issuecomment-1171957075

   Hi @lhotari @nicoloboschi, OWASP reports:
   
   ```
   Error:  Failed to execute goal org.owasp:dependency-check-maven:7.1.0:aggregate (default) on project pulsar: 
   Error: 
   Error:  One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
   Error: 
   Error:  log4j-core-2.17.1.jar: CVE-2022-33915 (7.0)
   Error: 
   Error:  See the dependency-check report for more details.
   Error:  -> [Help 1]
   ```
   
   However, I don't see an affected versions list on https://github.com/advisories/GHSA-4vjw-ghvr-gv6w. Is it a false positive that we should add to the suppressions file?

