[Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 and fix test dependency leak #10147
LGTM
LGTM
👍
The LICENSE file also needs some adjustments:
Run src/check-binary-license ./distribution/server/target/apache-pulsar-*-bin.tar.gz
io.grpc-grpc-testing-1.33.0.jar mentioned in LICENSE, but not bundled
org.hamcrest-hamcrest-core-1.3.jar mentioned in LICENSE, but not bundled
It looks like there are issues with the LICENSE/NOTICE.
c69f58d to 4d9b0cc
- low severity issue - more info at GHSA-269g-pwp5-87pp
- these are test dependencies and now excluded from the distribution
4d9b0cc to 9b46886
/pulsarbot run-failure-checks
…and fix test dependency leak (apache#10147) (cherry picked from commit 9d3cbef)
Motivation
Modifications