Good work Nicolò! It's great to have OWASP dependency check handled for all active branches.
-Lari

On Wed, Dec 22, 2021 at 5:05 PM Nicolò Boschi <boschi1...@gmail.com> wrote:

> Hello everyone,
>
> I created a couple of pull requests in order to run a periodic check on
> Pulsar active branches. In this way we can proactively update dependencies
> whenever is needed (for fixing CVE's purpose)
>
> The first one [0] is to make the check pass on branch-2.8
> The second one [1] is to make the check pass on master and branch-2.9
> The third one [2] is to make the periodic job running against master,
> branch-2.8 and branch-2.9.
>
> We also have to port this PR [3] to branch-2.9
>
> I left out 2.7 branch because I have the impression (please confirm it) we
> are no longer cherry-picking dependency upgrades. Also the check doesn't
> exist at all in that branch.
>
> Let me know what you think.
>
> Thanks,
> Nicolò Boschi
>
> [0] https://github.com/apache/pulsar/pull/13455
> [1] https://github.com/apache/pulsar/pull/13451
> [2] https://github.com/apache/pulsar/pull/13366
> [3] https://github.com/apache/pulsar/pull/13364