Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix][ci] Fix OWASP Dependency Check download by using NVD API key #4473

Merged
merged 1 commit into from
Jul 29, 2024
Merged

[fix][ci] Fix OWASP Dependency Check download by using NVD API key #4473

merged 1 commit into from
Jul 29, 2024

Conversation

shoothzj
Copy link
Member

@shoothzj shoothzj commented Jul 27, 2024
edited
Loading

@shoothzj
Copy link
Member Author

@lhotari It seems download is still failed, do we need to merge this first?

lhotari
lhotari requested changes Jul 28, 2024
View reviewed changes
pom.xml Outdated Show resolved Hide resolved
@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

@lhotari It seems download is still failed, do we need to merge this first?

Yes. Another option would be to create the PR branch to apache/bookkeeper so that it has access to the secret. The dependency check version must be at least 10.0.2 (there's another Pulsar PR explaining that).

@shoothzj shoothzj self-assigned this Jul 28, 2024
@shoothzj shoothzj added this to the 4.18.0 milestone Jul 28, 2024
@shoothzj
Copy link
Member Author

@lhotari Thanks, I see your description in apache/pulsar#23012.

I suggest we can merge this pr first.

There's a mandatory upgrade notice about upgrading to 10.0.2 version.

@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

I suggest we can merge this pr first.

That works for me, but why not just upgrade to 10.0.2 in this PR?

@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

Looks like 10.0.2 is used in this PR, LGTM.

@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

There's a error building the docker image

[INFO] Package netcat is a virtual package provided by:
[INFO]   netcat-traditional 1.10-48
[INFO]   netcat-openbsd 1.226-1ubuntu2
[INFO] 
[INFO] E: Package 'netcat' has no installation candidate

I believe netcat-openbsd should be used.

@shoothzj shoothzj merged commit 7ab29e6 into apache:master Jul 29, 2024
23 checks passed
@shoothzj shoothzj deleted the fix-dependency-check branch July 29, 2024 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lhotari lhotari lhotari approved these changes

Assignees

@shoothzj shoothzj

Labels
release/4.16.7 release/4.17.2
Projects
None yet
Milestone
4.18.0
Development

Successfully merging this pull request may close these issues.
2 participants
@shoothzj @lhotari