dependabot[bot] opened a new pull request, #16773:
URL: https://github.com/apache/pinot/pull/16773

   Bumps [org.apache.pulsar:pulsar-bom](https://github.com/apache/pulsar) from 
4.0.6 to 4.1.0.
   <details>
   <summary>Release notes</summary>
   <p><em>Sourced from <a href="https://github.com/apache/pulsar/releases">org.apache.pulsar:pulsar-bom's releases</a>.</em></p>
   <blockquote>
   <h2>v4.1.0</h2>
   <h3>Approved PIPs</h3>
   <ul>
   <li>[improve][pip] PIP-292: Enforce token expiration time in the Websockets plugin (<a href="https://redirect.github.com/apache/pulsar/pull/20953">#20953</a>)</li>
   <li>[improve][pip] PIP-391: Enable batch index ACK by default (<a href="https://redirect.github.com/apache/pulsar/pull/23567">#23567</a>)</li>
   <li>[improve][pip] PIP-409: support producer configuration for retry/dead letter topic producer (<a href="https://redirect.github.com/apache/pulsar/pull/24022">#24022</a>)</li>
   <li>[improve][pip] PIP-416: Add a new topic method to implement trigger offload by size threshold (<a href="https://redirect.github.com/apache/pulsar/pull/24276">#24276</a>)</li>
   <li>[improve][pip] PIP-425: Support connecting with next available endpoint for multi-endpoint serviceUrls (<a href="https://redirect.github.com/apache/pulsar/pull/24394">#24394</a>)</li>
   <li>[improve][pip] PIP-427: Align pulsar-admin Default for Mark-Delete Rate with Broker Configuration (<a href="https://redirect.github.com/apache/pulsar/pull/24425">#24425</a>)</li>
   <li>[improve][pip] PIP-429: Optimize Handling of Compacted Last Entry by Skipping Payload Buffer Parsing (<a href="https://redirect.github.com/apache/pulsar/pull/24439">#24439</a>)</li>
   <li>[pip] PIP-430: Pulsar Broker cache improvements: refactoring eviction and adding a new cache strategy based on expected read count (<a href="https://redirect.github.com/apache/pulsar/pull/24444">#24444</a>)</li>
   <li>[improve][pip] PIP-431: Add Creation and Last Publish Timestamps to Topic Stats (<a href="https://redirect.github.com/apache/pulsar/pull/24469">#24469</a>)</li>
   <li>[improve][pip] PIP-432: Add isEncrypted field to EncryptionContext (<a href="https://redirect.github.com/apache/pulsar/pull/24481">#24481</a>)</li>
   <li>[improve][pip] PIP-433: Optimize the conflicts of the replication and automatic creation mechanisms, including the automatic creation of topics and schemas (<a href="https://redirect.github.com/apache/pulsar/pull/24485">#24485</a>)</li>
   <li>[improve][pip] PIP-435: Add startTimestamp and endTimestamp for consuming messages in client cli (<a href="https://redirect.github.com/apache/pulsar/pull/24524">#24524</a>)</li>
   <li>[improve][pip]PIP-422 Support global topic-level policy: replicated clusters and new API to delete topic-level policies (<a href="https://redirect.github.com/apache/pulsar/pull/24368">#24368</a>)</li>
   <li>[improve][pip]PIP-436: Add decryptFailListener to Consumer (<a href="https://redirect.github.com/apache/pulsar/pull/24572">#24572</a>)</li>
   <li>[feat][pip] PIP-420: Provide ability for Pulsar clients to integrate with third-party schema registry service (<a href="https://redirect.github.com/apache/pulsar/pull/24328">#24328</a>)</li>
   <li>[improve] [pip] PIP-373: Add a topic's system prop that indicates whether users have published TXN messages in before. (<a href="https://redirect.github.com/apache/pulsar/pull/23210">#23210</a>)</li>
   <li>[improve] [pip] PIP-375 Expose the Admin client configs: readTimeout, requestTimeout, and connectionTimeout (<a href="https://redirect.github.com/apache/pulsar/pull/23222">#23222</a>)</li>
   <li>[improve] [pip] PIP-382: Add a label named reason for topic_load_failed_total (<a href="https://redirect.github.com/apache/pulsar/pull/23351">#23351</a>)</li>
   <li>[pip] PIP-428: Change TopicPoliciesService interface to fix consistency issues (<a href="https://redirect.github.com/apache/pulsar/pull/24428">#24428</a>)</li>
   </ul>
   <h3>Library updates</h3>
   <ul>
   <li>[improve][broker] Upgrade avro version to 1.12.0 (<a href="https://redirect.github.com/apache/pulsar/pull/24617">#24617</a>)</li>
   <li>[improve][broker] Upgrade bookkeeper to 4.17.2/commons-configuration to 2.x/grpc to 1.72.0 and enable ZooKeeper client to establish connection in read-only mode (<a href="https://redirect.github.com/apache/pulsar/pull/24468">#24468</a>)</li>
   <li>[fix][sec] Bump commons-io version to 2.18.0 (<a href="https://redirect.github.com/apache/pulsar/pull/23684">#23684</a>)</li>
   <li>[fix][sec] Mitigate CVE-2024-53990 by disabling AsyncHttpClient CookieStore (<a href="https://redirect.github.com/apache/pulsar/pull/23725">#23725</a>)</li>
   <li>[fix][sec] Remove dependency on out-dated commons-configuration 1.x (<a href="https://redirect.github.com/apache/pulsar/pull/24562">#24562</a>)</li>
   <li>[fix][sec] Replace bcprov-jdk15on dependency with bcprov-jdk18-on (<a href="https://redirect.github.com/apache/pulsar/pull/23532">#23532</a>)</li>
   <li>[fix][sec] Upgrade async-http-client to 2.12.4 to address CVE-2024-53990 (<a href="https://redirect.github.com/apache/pulsar/pull/23732">#23732</a>)</li>
   <li>[fix][sec] Upgrade bouncycastle bcpkix-fips version to 1.79 to address CVE-2025-8916 (<a href="https://redirect.github.com/apache/pulsar/pull/24650">#24650</a>)</li>
   <li>[fix][sec] Upgrade golang.org/x/crypto from 0.21.0 to 0.31.0 in pulsar-function-go (<a href="https://redirect.github.com/apache/pulsar/pull/23743">#23743</a>)</li>
   <li>[fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 (<a href="https://redirect.github.com/apache/pulsar/pull/24232">#24232</a>)</li>
   <li>[fix][sec] Upgrade jwt/v5 to 5.2.2 to address CVE-2025-30204 (<a href="https://redirect.github.com/apache/pulsar/pull/24140">#24140</a>)</li>
   <li>[fix][sec] Upgrade Kafka connector and clients version to 3.9.1 to address CVE-2025-27818 (<a href="https://redirect.github.com/apache/pulsar/pull/24564">#24564</a>)</li>
   <li>[fix][sec] Upgrade pulsar-function-go dependencies to address CVE-2025-22868 (<a href="https://redirect.github.com/apache/pulsar/pull/24547">#24547</a>)</li>
   <li>[fix][sec] Upgrade to Netty 4.1.115.Final to address CVE-2024-47535 (<a href="https://redirect.github.com/apache/pulsar/pull/23596">#23596</a>)</li>
   <li>[fix][sec] Upgrade to Netty 4.1.118 (<a href="https://redirect.github.com/apache/pulsar/pull/23965">#23965</a>)</li>
   <li>[fix][sec] Upgrade to Netty 4.1.124.Final to address CVE-2025-55163 (<a href="https://redirect.github.com/apache/pulsar/pull/24637">#24637</a>)</li>
   <li>[fix][sec] Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (<a href="https://redirect.github.com/apache/pulsar/pull/23581">#23581</a>)</li>
   <li>[fix][build] Upgrade json-smart to 2.5.2 (<a href="https://redirect.github.com/apache/pulsar/pull/23966">#23966</a>)</li>
   <li>[improve][io] Upgrade AWS SDK v1 &amp; v2, Kinesis KPL and KPC versions (<a href="https://redirect.github.com/apache/pulsar/pull/24661">#24661</a>)</li>
   <li>[improve][io] Upgrade Kafka client and compatible Confluent platform version (<a href="https://redirect.github.com/apache/pulsar/pull/24201">#24201</a>)</li>
   <li>[improve][io] Upgrade Spring version to 6.1.13 in IO Connectors (<a href="https://redirect.github.com/apache/pulsar/pull/23459">#23459</a>)</li>
   <li>[improve][io] Upgrade Spring version to 6.1.14 in IO Connectors (<a href="https://redirect.github.com/apache/pulsar/pull/23481">#23481</a>)</li>
   <li>[improve][monitor] Upgrade OTel to 1.41.0 (<a href="https://redirect.github.com/apache/pulsar/pull/23484">#23484</a>)</li>
   <li>[improve][monitor] Upgrade OTel to 1.45.0 (<a href="https://redirect.github.com/apache/pulsar/pull/23756">#23756</a>)</li>
   <li>[fix][misc] Upgrade dependencies to fix critical security vulnerabilities (<a href="https://redirect.github.com/apache/pulsar/pull/24532">#24532</a>)</li>
   </ul>
   </blockquote>
   <p>... (truncated)</p>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/apache/pulsar/commit/368381aa1eb2c4645d9b0b5848f262c98642aad2"><code>368381a</code></a> [fix][client] Fix potential NPE in TypedMessageBuilderImpl (<a href="https://redirect.github.com/apache/pulsar/issues/24691">#24691</a>)</li>
   <li><a href="https://github.com/apache/pulsar/commit/520ff32a9ddc051d0ed38aa0478af4de6c9e019f"><code>520ff32</code></a> Release 4.1.0</li>
   <li><a href="https://github.com/apache/pulsar/commit/45d71f8fcdd58d8715ada7e418f3acd8b43c141a"><code>45d71f8</code></a> [improve][client] PIP-420: Supports users implement external schemas (<a href="https://redirect.github.com/apache/pulsar/issues/24488">#24488</a>)</li>
   <li><a href="https://github.com/apache/pulsar/commit/4a4e692ac9843b95facfb951384dc19ca37c5432"><code>4a4e692</code></a> [improve][doc] Cleanup some legacy PIP documents and improve PIP listing (<a href="https://redirect.github.com/apache/pulsar/issues/24">#24</a>...</li>
   <li><a href="https://github.com/apache/pulsar/commit/e466f453ebbc3fa1999ca6acad708731deb067b6"><code>e466f45</code></a> [improve] [pip] PIP-382: Add a label named reason for topic_load_failed_total...</li>
   <li><a href="https://github.com/apache/pulsar/commit/66b69ad647a4fad304a3d8a0abeb81be8414f140"><code>66b69ad</code></a> [fix][broker]User topic failed to delete after removed cluster because of fai...</li>
   <li><a href="https://github.com/apache/pulsar/commit/f7671491735cbd455134c94089265db7ce0cd8bd"><code>f767149</code></a> [improve] [pip] PIP-375 Expose the Admin client configs: readTimeout, request...</li>
   <li><a href="https://github.com/apache/pulsar/commit/8fd5bf5fd6e81c4344e5fea1adce667fc877553f"><code>8fd5bf5</code></a> [fix][client] Fix ArrayIndexOutOfBoundsException when using SameAuthParamsLoo...</li>
   <li><a href="https://github.com/apache/pulsar/commit/03e0787cc445ecab5207769e0859c64fb589a0f3"><code>03e0787</code></a> [improve][test]Add new test PartitionCreationTest.testGetPoliciesIfPartitions...</li>
   <li><a href="https://github.com/apache/pulsar/commit/a035c6e519bbd43c930796fa358dea37ffba71db"><code>a035c6e</code></a> [improve][doc] Update PIP links in PIP documents converted from the wiki and ...</li>
   <li>Additional commits viewable in <a href="https://github.com/apache/pulsar/compare/v4.0.6...v4.1.0">compare view</a></li>
   </ul>
   </details>
   <br />
   
   
   [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.pulsar:pulsar-bom&package-manager=maven&previous-version=4.0.6&new-version=4.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
   
   Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`@dependabot rebase`.
   

