protobuf from 3.3.0 to 3.21.9 #7
Conversation
org.slf4j from 1.7.25 to 2.0.4
ch.qos.logback from 1.2.2 to 1.4.5
kafka-clients from 0.10.2.1 to 3.3.1
commented out <!-- <testSourceDirectory>${project.basedir}/src/test/java</testSourceDirectory>--> as it does not exist
updated repository to registry.cp.kpn-dsh.com/training/tenant-example
You can switch to https://openjdk.org/projects/jdk/17/. We're planning to do the same for most components. |
You can switch to https://mvnrepository.com/artifact/io.jaegertracing/jaeger-client/1.8.1. We've been doing the same to get rid of those vulnerabilities. |
| <dependency> | ||
| <groupId>org.apache.kafka</groupId> | ||
| <artifactId>kafka-clients</artifactId> | ||
| <version>3.3.1</version> |
There was a problem hiding this comment.
We don't use Kafka 3 yet. We recommend https://search.maven.org/artifact/org.apache.kafka/kafka-clients version 2.7.2 at the moment. You can try the newer 2.8.2 also. But I would stay away from 3.x for now.
Hold on the 8 -> 17 switch until we've done it on our side. We'll have more experience to assist you then. |
Changes:
I deployed the new docker and tested it.
There are stiil 11 vulnerabilities that can be solved; 9 of them are dependencies of com.uber.jaeger (which has been changed into io.jaegertracing); the other 2 are c-libraries i expect being caused by the openjdk:8.