[ https://issues.apache.org/jira/browse/NIFI-13413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17855983#comment-17855983 ]

David Handermann commented on NIFI-13413:
-----------------------------------------

[~jrsteinebrey] Are there particular dependency upgrades you have in mind?

Sometimes combining dependency upgrades can be helpful, particularly if they do 
not require any code changes and do not involve any flagged vulnerabilities.

For dependencies that do address vulnerabilities, it can be better to split 
them into separate pull requests, but it depends on the scope of impact.

Also, given the divergence in a number of major dependency versions, Jira 
issues and pull requests should be separated for the main branch and support 
branch.

Thanks!

> Dependency upgrades to resolve cve's
> ------------------------------------
>
>                 Key: NIFI-13413
>                 URL: https://issues.apache.org/jira/browse/NIFI-13413
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Extensions
>    Affects Versions: 1.26.0, 2.0.0-M3
>            Reporter: Jim Steinebrey
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)
