lhotari commented on pull request #14579: URL: https://github.com/apache/pulsar/pull/14579#issuecomment-1061592949
> @lhotari I totally share your point. The fact that CI passed is a good hint that Pulsar works well. > > In any case we don't have any other possibility (it looks like the 1.4 branch is not very active and Kotlin moved forward with 2 major releases). > > So I suggest to commit this patch as soon as possible, this way we will have time to see regressions when people use master branch for testing. OkHttp3 is used by the io.kubernetes:client-java library that is used by the Pulsar Functions Kubenetes Runtime. We don't have much tests for that in Pulsar CI. That's why I suggested checking Kotlin release notes to find out whether it's fine to replace Kotlin stdlib 1.4.x with 1.6.x . The most recent Okio and OkHttp3 versions depend on Kotlin stdlib 1.6.x . CVE-2022-24329 doesn't look like a real problem in Kotlin."In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects." -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
