hpvd opened a new issue #8815: URL: https://github.com/apache/pulsar/issues/8815
**Is your enhancement request related to a problem? Please describe.**
To get the most out of every release regarding security, performance and "bug-freeness", it may be a good idea to make reasonable updating of dependencies a good routine before every release.

**Describe the solution you'd like**
What would help (if not already used):

1. Enabling GitHub's alerts for vulnerable dependencies for Pulsar, see https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies
   -> if possible, a bot should automatically open an issue to fix these findings / update the dependencies as soon as fixes are available
2. Since possibly not all vulnerabilities are reported/found, it may also be an idea to have a dynamic/automated table of dependencies:
   - row 1: name of dependency
   - row 2: versions of dependencies used in latest Pulsar release, e.g. see https://frontbackend.com/maven/artifact/org.apache.pulsar/pulsar/2.6.2
   - row 3: latest version of dependency available (if hosted at GitHub: accessible with GitHub API)

   -> before every release one should look at this table and update all (most) dependencies to their latest version (or note a hint why this is not possible at this time (e.g. incompatible changes))
   -> of course one could automate opening update issues as well, but these may result in too many intermediate steps between releases

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at: [email protected]
