Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
lhotari commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2114125567 It looks like grpc 1.64.0 was released yesterday. Should we go directly to the latest release? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
lhotari commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2114122814 > @lhotari fixed, please take a look again. :) We could also migrate to use `protobuf-bom` in dependencyManagement. ```xml com.google.protobuf protobuf-bom ${protobuf.version} pom import ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
shoothzj commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2114112003 @lhotari fixed, please take a look again. :) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
lhotari commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2114011177 > @lhotari please also take a look protobuf version should be upgraded at the same time to ensure that it's compatible with grpc. Pick the version that grpc uses. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
shoothzj commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2113906916 @lhotari please also take a look -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
shoothzj commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2100283162 > We need to be careful to upgrade grpc versions. Pulsar also uses grpc and the version needs to be sync and compatible I agree. But bk should go first. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
hangc0276 commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2100243758 We need to be careful to upgrade grpc versions. Pulsar also uses grpc and the version needs to be sync and compatible -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump grpc from 1.56.0 to 1.63.0 to address CVE list [bookkeeper]
shoothzj commented on PR #4344: URL: https://github.com/apache/bookkeeper/pull/4344#issuecomment-2097197941 @dlg99 @eolivelli @hangc0276 @merlimat @nicoloboschi @StevenLuMT @wenbingshen @zhaijack PTAL -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@bookkeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org