[
https://issues.apache.org/jira/browse/GEODE-10046?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531914#comment-17531914
]
ASF subversion and git services commented on GEODE-10046:
---------------------------------------------------------
Commit b27d6a4e4794ba446e4757d0dc06e8d5bb4e878e in geode's branch
refs/heads/develop from Owen Nichols
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b27d6a4e47 ]
GEODE-10046: Bump 3rd-party dependency versions (#7650)
Geode endeavors to update to the latest version of 3rd-party
dependencies on develop wherever possible. Doing so increases the
shelf life of releases and increases security and reliability.
Doing so regularly makes the occasional hiccups this can cause easier
to pinpoint and address.
Dependency bumps in this batch:
* Bump classgraph from 4.8.145 to 4.8.146
* Bump micrometer from 1.8.4 to 1.8.5
* Bump netty-handler from 4.1.75 to 4.1.76
* Bump spring-boot-starter-web from 2.6.6 to 2.6.7
* Bump spring-hateoas from 1.4.1 to 1.4.2
* Bump spring-ldap-core from 2.3.6 to 2.3.7
* Bump spring-security from 5.6.2 to 5.6.3
> bump dependencies in 1.16
> -------------------------
>
> Key: GEODE-10046
> URL: https://issues.apache.org/jira/browse/GEODE-10046
> Project: Geode
> Issue Type: Improvement
> Components: build
> Reporter: Owen Nichols
> Assignee: Owen Nichols
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.15.0
>
>
> until support/1.16 is cut, periodically check for and switch to latest
> version of 3rd-party dependencies. this will extend the shelf-life of
> eventual Geode 1.16 release and hopefully reduce bugs and cve exposure, or at
> least give a smaller delta if there is later a cve found that we need to
> patch for
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
