Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump dependencies to fix security vulnerabilities #344

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

samzx
Copy link

@samzx samzx commented Mar 23, 2021

Based on Snyk we have 3 vulneravilities that can be fixed. 2 dependencies can be bumped easily without issue. Kafka upgrade may be harder though. This PR bumps these two log4j and jackson databind.
image

Copy link
Contributor

@andrewchoi5 andrewchoi5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @smccauliff can you also take a look?

@andrewchoi5 andrewchoi5 requested a review from gitlw April 19, 2021 09:01
@github-actions
Copy link

Stale pull request message

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants