-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updates to latest maven versions aligned with latest docker images #3785
Conversation
This also updates example docker images to latest Signed-off-by: Adrian Cole <[email protected]>
Signed-off-by: Adrian Cole <[email protected]>
Signed-off-by: Adrian Cole <[email protected]>
Signed-off-by: Adrian Cole <[email protected]>
raised tcort/markdown-link-check#377 for the false negative on lint |
@reta @making @shakuzen what's left is the UI (zipkin-lens) CVE which cannot be automatically fixed as it seems there's a breaking change. This PR is against the main repo, so PRs can go against it if someone doesn't have access to add a commit. Once done, back on track. Appreciate a hand pinging someone to help with this, or doing it directly.
|
@@ -29,20 +29,20 @@ | |||
<dependency> | |||
<groupId>org.springframework.boot</groupId> | |||
<artifactId>spring-boot-dependencies</artifactId> | |||
<version>3.3.4</version> | |||
<version>3.3.5</version> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe 3.3.6 is expected to land on Thu
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3.3.6
is out!
Signed-off-by: Adrian Cole <[email protected]>
suggestion: why don't we bump, merge and release this (after updating deps unrelated to docker). In the release notes, we can say "help wanted" to fix the remaining CVEs in the UI. Some don't use the UI at all, and/or might not care about those CVEs. Meanwhile, if no one can help fix them, we shouldn't hold the rest of the project and downstream hostage. @reta if cool by you, you can edit this branch about spring boot version and merge! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure why the lint check is failing given https://github.com/openzipkin/zipkin/pull/3785/files#diff-23773f5014e0437c31c4c94b70d816279ceba1e308127698bda89bf9582b09d5R4-R5 but looks good to me
It is because this link |
Signed-off-by: Andriy Redko <[email protected]>
Merging, thanks @codefromthecrypt and @shakuzen ! |
This also updates example docker images to latest