+1 - This is a great addition, thanks Nicolò. I updated our Release Process wiki page so that Release Managers will know to add new release branches to this GitHub workflow [0].
- Michael

[0] https://github.com/apache/pulsar/wiki/Release-process#1-create-the-release-branch

On Wed, Dec 22, 2021 at 10:08 AM Lari Hotari <l...@hotari.net> wrote:
>
> Good work Nicolò! It's great to have OWASP dependency check handled for all
> active branches.
>
> -Lari
>
> On Wed, Dec 22, 2021 at 5:05 PM Nicolò Boschi <boschi1...@gmail.com> wrote:
>
> > Hello everyone,
> >
> > I created a couple of pull requests in order to run a periodic check on
> > Pulsar active branches. In this way we can proactively update dependencies
> > whenever it is needed (for the purpose of fixing CVEs).
> >
> > The first one [0] is to make the check pass on branch-2.8
> > The second one [1] is to make the check pass on master and branch-2.9
> > The third one [2] is to make the periodic job run against master,
> > branch-2.8 and branch-2.9.
> >
> > We also have to port this PR [3] to branch-2.9
> >
> > I left out the 2.7 branch because I have the impression (please confirm it) we
> > are no longer cherry-picking dependency upgrades. Also the check doesn't
> > exist at all in that branch.
> >
> > Let me know what you think.
> >
> > Thanks,
> > Nicolò Boschi
> >
> > [0] https://github.com/apache/pulsar/pull/13455
> > [1] https://github.com/apache/pulsar/pull/13451
> > [2] https://github.com/apache/pulsar/pull/13366
> > [3] https://github.com/apache/pulsar/pull/13364