spuru9 opened a new pull request, #1117: URL: https://github.com/apache/flink-kubernetes-operator/pull/1117
## What is the purpose of the change Retire Netty/Okio CVEs flowing through `kubernetes-client` and `operator-framework` by bumping the two direct dependencies to the latest stable within their major lines. No `<dependencyManagement>` overrides on transitives. JIRA: [FLINK-39727](https://issues.apache.org/jira/browse/FLINK-39727) ## Brief change log - `pom.xml`: `fabric8.version` 7.3.1 → 7.7.0 (latest 7.x stable, 2026-05-12) - `pom.xml`: `operator.sdk.version` 5.2.2 → 5.3.4 (latest 5.x stable, 2026-05-19) Residual Netty CVEs flowing through `flink-runtime` remain blocked on a future Flink minor bump (Netty ≥ 4.1.133). ## Verifying this change Covered by existing tests. Verify locally with `mvn verify`; reviewers should confirm CRD codegen output is unchanged and exercise the admission webhook over TLS in the integration suite. ## Does this pull request potentially affect one of the following parts: - Dependencies: **yes** (version bumps only) - Public API / CRDs: no (verify CRD codegen) - Core observer/reconciler logic: no ## Documentation - New feature: no -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
