frugal
frugal copied to clipboard
java: Deprecate FServlet
Story:
Jakarta EE has renamed all packages to jakarta.
. #1410 added FJakartaServlet
as a replacement. We would like to remove FServlet
in the future, so start warning developers that FServlet
is going away.
How To Test:
N/A. Deprecation only.
Reviewers:
@Workiva/service-platform
Security Insights
(5) Vulnerable direct dependencies were detected
aiohttp via lib/python/requirements_dev_asyncio.txt
github.com/nats-io/nats-server/v2 via lib/go/go.mod
org.apache.thrift:libthrift via lib/java/pom.xml
org.apache.thrift:libthrift via test/integration/java/frugal-integration-test/pom.xml
org.nanohttpd:nanohttpd
via test/integration/java/frugal-integration-test/pom.xml
with no fix reported by GitHubAction Items
- Review dependencies for available updates
- See this Splunk dashboard for more CVE details
- Review PR for security impact; comment "security review required" if needed or unsure
- Verify
aviary.yaml
coverage of security relevant code
Questions or Comments? Reach out on Slack: #support-infosec.
Anything holding back a merge here, or are we OK to call rosie?
From Workiva-internal discussions, Spring won't support jakarta.servlet
until Q4, so services using Spring can't actually take action on the deprecation warnings until then, so we're going to hold off for now.