flink-kubernetes-operator [FLINK-36528] [Kubernetes Operator] Update org.apache.avro from 1.8.2 to 1.12.0

[FLINK-36528] [Kubernetes Operator] Update org.apache.avro from 1.8.2 to 1.12.0

Open kartik-3513 opened this issue 4 months ago • 6 comments

What is the purpose of the change

This PR updates the dependency "org.apache.avro:avro" version from 1.8.2 to 1.12.0

Brief change log

The transitive dependency "org.apache.avro:avro" version 1.8.2 present in beam-sdks-java-core under flink-beam-example module has 2 direct and 12 vulnerabilities from dependent packages. Updating it to 1.12.0 removes all of them. List can be found here: https://mvnrepository.com/artifact/org.apache.avro/avro/1.8.2

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

Dependencies (does it add or upgrade a dependency): yes
The public API, i.e., is any changes to the CustomResourceDescriptors: no
Core observer or reconciler logic that is regularly executed: no

Documentation

Does this pull request introduce a new feature? no
If yes, how is the feature documented? not applicable

Oct 14 '24 10:10 kartik-3513

flink-kubernetes-operator flink-kubernetes-operator copied to clipboard

[FLINK-36528] [Kubernetes Operator] Update org.apache.avro from 1.8.2 to 1.12.0

What is the purpose of the change

Brief change log

Verifying this change

Does this pull request potentially affect one of the following parts:

Documentation

flink-kubernetes-operator
flink-kubernetes-operator copied to clipboard