You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/08 02:47:54 UTC
[GitHub] [pulsar] nodece opened a new pull request #14593: [Dependencies] Update mariadb-jdbc
nodece opened a new pull request #14593:
URL: https://github.com/apache/pulsar/pull/14593
Signed-off-by: Zixuan Liu <no...@gmail.com>
### Motivation
Fix `OWASP Dependency Check / owasp-dep-check` CI:
```
Error: Failed to execute goal org.owasp:dependency-check-maven:6.1.6:aggregate (default) on project pulsar:
Error:
Error: One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
Error:
Error: mariadb-java-client-2.6.0.jar: CVE-[20](https://github.com/apache/pulsar/runs/5450633784?check_suite_focus=true#step:8:20)20-28912, CVE-20[21](https://github.com/apache/pulsar/runs/5450633784?check_suite_focus=true#step:8:21)-46669, CVE-2021-46666, CVE-2021-46667
Error:
Error: See the dependency-check report for more details.
Error: -> [Help 1]
Error:
Error: To see the full stack trace of the errors, re-run Maven with the -e switch.
Error: Re-run Maven using the -X switch to enable full debug logging.
Error:
Error: For more information about the errors and possible solutions, please read the following articles:
Error: [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Error:
Error: After correcting the problems, you can resume the build with the command
Error: mvn <args> -rf :pulsar
Error: Process completed with exit code 1.
```
### Modifications
Upgrade mariadb-jdbc from 2.6.0 to 2.7.5
### Documentation
- [x] `no-need-doc`
Update dependencies
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari merged pull request #14593: [OWASP] Update mariadb-jdbc dependency and add suppression rule
Posted by GitBox <gi...@apache.org>.
lhotari merged pull request #14593:
URL: https://github.com/apache/pulsar/pull/14593
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece commented on pull request #14593: [Dependencies] Update mariadb-jdbc
Posted by GitBox <gi...@apache.org>.
nodece commented on pull request #14593:
URL: https://github.com/apache/pulsar/pull/14593#issuecomment-1061361794
/pulsarbot rerun-failure-checks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece commented on pull request #14593: [OWASP] Update mariadb-jdbc dependency and add suppression rule
Posted by GitBox <gi...@apache.org>.
nodece commented on pull request #14593:
URL: https://github.com/apache/pulsar/pull/14593#issuecomment-1061383158
This PR duplication with https://github.com/apache/pulsar/pull/14511.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org