I will open a change request to update Spotify Docker Client in Orbit to fix CVEs ASAP. I'll add both Roland and Jeff to the CR as reviewers.
On 9/23/19, 6:51 AM, "linuxtools-dev-boun...@eclipse.org on behalf of Roland Grunberg" <linuxtools-dev-boun...@eclipse.org on behalf of rgrun...@redhat.com> wrote:

On Sat, 2019-09-21 at 09:49 -0400, Jeff Johnston wrote:
> Actually, thinking about it some more, this could entirely be done in Orbit's CVS repo since upstream won't be
> changing. Roland, any issues with this approach?

This is already happening in Orbit. For example, the update of the Jackson stack from 2.9.2 -> 2.9.9. Our target platform just needs an update to use those and to ensure the plugin works as expected.

I would not look at the pure upstream pom dependencies of docker-client as we don't use them as Jeff has pointed out. If you install the Docker Tooling, you can look through the plugins/ folder to get a sense of the versions and bundles used.

If the current state of dependencies has issues (CVEs) and a fixed version is not in Orbit, then the bugs should be filed against Orbit.

Cheers,
--
Roland Grunberg

_______________________________________________
linuxtools-dev mailing list
linuxtools-dev@eclipse.org
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/linuxtools-dev