Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix][ci] Fix OWASP Dependency Check download by using NVD API key #4473

Merged
merged 1 commit into from
Jul 29, 2024
Merged

[fix][ci] Fix OWASP Dependency Check download by using NVD API key #4473

merged 1 commit into from
Jul 29, 2024

Conversation

hezhangjian
Copy link
Member

@hezhangjian hezhangjian commented Jul 27, 2024
edited
Loading

@hezhangjian hezhangjian force-pushed the fix-dependency-check branch from 6883c1d to 608a149 Compare July 27, 2024 09:33
@hezhangjian
Copy link
Member Author

@lhotari It seems download is still failed, do we need to merge this first?

lhotari
lhotari requested changes Jul 28, 2024
View reviewed changes
pom.xml Outdated Show resolved Hide resolved
@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

@lhotari It seems download is still failed, do we need to merge this first?

Yes. Another option would be to create the PR branch to apache/bookkeeper so that it has access to the secret. The dependency check version must be at least 10.0.2 (there's another Pulsar PR explaining that).

@hezhangjian hezhangjian force-pushed the fix-dependency-check branch from 608a149 to f4b76c0 Compare July 28, 2024 08:58
@hezhangjian hezhangjian self-assigned this Jul 28, 2024
@hezhangjian hezhangjian added this to the 4.18.0 milestone Jul 28, 2024
@hezhangjian
Copy link
Member Author

@lhotari Thanks, I see your description in apache/pulsar#23012.

I suggest we can merge this pr first.

There's a mandatory upgrade notice about upgrading to 10.0.2 version.

@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

I suggest we can merge this pr first.

That works for me, but why not just upgrade to 10.0.2 in this PR?

@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

Looks like 10.0.2 is used in this PR, LGTM.

@lhotari
Copy link
Member

lhotari commented Jul 28, 2024

There's a error building the docker image

[INFO] Package netcat is a virtual package provided by:
[INFO]   netcat-traditional 1.10-48
[INFO]   netcat-openbsd 1.226-1ubuntu2
[INFO] 
[INFO] E: Package 'netcat' has no installation candidate

I believe netcat-openbsd should be used.

@hezhangjian hezhangjian force-pushed the fix-dependency-check branch from f4b76c0 to 1de5bb3 Compare July 29, 2024 07:37
@hezhangjian hezhangjian merged commit 7ab29e6 into apache:master Jul 29, 2024
23 checks passed
@hezhangjian hezhangjian deleted the fix-dependency-check branch July 29, 2024 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lhotari lhotari lhotari approved these changes

Assignees

@hezhangjian hezhangjian

Labels
release/4.16.7 release/4.17.2
Projects
None yet
Milestone
4.18.0
Development

Successfully merging this pull request may close these issues.
2 participants
@hezhangjian @lhotari