Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update several dependencies #166

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Update several dependencies #166

wants to merge 7 commits into from

Conversation

jeroenvandisseldorp
Copy link
Contributor

No description provided.

snyk-bot and others added 7 commits December 20, 2024 02:32
@snyk-bot
fix: pom.xml to reduce vulnerabilities
a1ef7e2 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-8528112
@snyk-bot
fix: pom.xml to reduce vulnerabilities
6a4bdb6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539866
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539867
- https://snyk.io/vuln/SNYK-JAVA-CHQOSLOGBACK-8539865
@snyk-bot
fix: pom.xml to reduce vulnerabilities
a41ae6f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-8528112
@jeroenvandisseldorp
Merge pull request #3 from jeroenvandisseldorp/snyk-fix-947c12e2d418a…
533a112 
…a72048c20498c69783b

[Snyk] Security upgrade org.apache.kafka:kafka-clients from 3.8.0 to 3.8.1
@jeroenvandisseldorp
Merge pull request #4 from jeroenvandisseldorp/snyk-fix-a5c6bcc079a6d…
ed3cd49 
…7285209d5f4be76b73f

[Snyk] Security upgrade ch.qos.logback:logback-classic from 1.5.6 to 1.5.13
@jeroenvandisseldorp
Merge branch 'main' into snyk-fix-3f68a1ba9fc18eced8d1ac7b3609bb82
decb82f
@jeroenvandisseldorp
Merge pull request #5 from jeroenvandisseldorp/snyk-fix-3f68a1ba9fc18…
7209060 
…eced8d1ac7b3609bb82

[Snyk] Security upgrade io.apicurio:apicurio-registry-serdes-avro-serde from 2.6.5.Final to 2.6.6.Final
richard-axual
richard-axual requested changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@richard-axual richard-axual left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, but can you add the maven versions plugin 2.18.0 to the parent pom pluginManagement?

This allows us to easily update versions using maven

                <plugin>
                    <groupId>org.codehaus.mojo</groupId>
                    <artifactId>versions-maven-plugin</artifactId>
                    <version>${maven.versions.plugin.version}</version>
                    <configuration>
                        <allowMajorUpdates>false</allowMajorUpdates>
                    </configuration>
                </plugin>

example update command is

mvn versions:update-properties
mvn versions:commit
mvn versions:revert

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richard-axual richard-axual richard-axual requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jeroenvandisseldorp @richard-axual @snyk-bot