merlimat opened a new pull request #5232: Upgrade dependencies for security fixes URL: https://github.com/apache/pulsar/pull/5232 ### Motivation Upgrade the version of several dependencies to include fixes for a series of vulnerabilities, as reported in #4057. ### Modifications * Guava 21.0 -> 28.1 * Commons Compress 1.15 -> 1.19 * Jetty 9.4.12.v20180830 -> 9.4.20.v20190813 * Netty 3.10.1.Final -> netty-3.10.6.Final (Netty 3.x is used by ZooKeeper) Pulsar SQL dependencies: * async-http-client 1.6.5 -> 1.9.40 * Maven components 3.0.4 -> 3.6.2 Note: jackson-databind was already upgraded in #5011 Fix #4057
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services