dlg99 opened a new pull request #13726:
URL: https://github.com/apache/pulsar/pull/13726
Updating dependencies to get rid of CVEs brought in with kafka and log4j-1.2
libs
CVE-2020-27218,
CVE-2021-38153,
CVE-2021-44228,
CVE-2021-44832,
CVE-2021-45046,
CVE-2021-45105,
CVE-2020-9488,
CVE-2019-17571,
CVE-2021-4104
### Motivation
`mvn clean install verify -Powasp-dependency-check -DskipTests` found
various CVEs
### Modifications
Upgraded dependencies/excluded transitive dependencies that were bringing in
libraries with CVEs.
### Verifying this change
This change is already covered by existing tests
### Does this pull request potentially affect one of the following parts:
*If `yes` was chosen, please highlight the changes*
- Dependencies (does it add or upgrade a dependency): *YES*
- The public API: (yes / no)
- The schema: (yes / no / don't know)
- The default values of configurations: (yes / no)
- The wire protocol: (yes / no)
- The rest endpoints: (yes / no)
- The admin cli options: (yes / no)
- Anything that affects deployment: (yes / no / don't know)
### Documentation
Check the box below or label this PR directly (if you have committer
privilege).
Need to update docs?
- [ ] `doc-required`
(If you need help on updating docs, create a doc issue)
- [ ] `no-need-doc`
(Please explain why)
- [ ] `doc`
(If this PR contains doc changes)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
