From 448ec81adc2a393549c8c65a365e9ba190d59734 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com> Date: Thu, 14 Aug 2025 10:07:06 +0000 Subject: [PATCH 1/2] apache-pulsar/4.0.6-r0: fix GHSA-prj3-ccx8-p6x4 --- apache-pulsar.yaml | 2 +- apache-pulsar/pombump-deps.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/apache-pulsar.yaml b/apache-pulsar.yaml index 47ebd44c395..4a25fc83e90 100644 --- a/apache-pulsar.yaml +++ b/apache-pulsar.yaml @@ -1,7 +1,7 @@ package: name: apache-pulsar version: "4.0.6" - epoch: 0 + epoch: 1 # GHSA-prj3-ccx8-p6x4 description: Pulsar is a distributed pub-sub messaging platform with a very flexible messaging model and an intuitive client API. copyright: - license: Apache-2.0 diff --git a/apache-pulsar/pombump-deps.yaml b/apache-pulsar/pombump-deps.yaml index 0b05cfd0507..6a99d6c19bc 100644 --- a/apache-pulsar/pombump-deps.yaml +++ b/apache-pulsar/pombump-deps.yaml @@ -5,3 +5,6 @@ patches: - groupId: org.apache.commons artifactId: commons-lang3 version: 3.18.0 + - groupId: io.netty + artifactId: netty-codec-http2 + version: 4.1.124.Final From a0c3ace5451349663b91edb8fc6839912f6be57a Mon Sep 17 00:00:00 2001 From: jamie-albert Date: Thu, 14 Aug 2025 17:11:06 -0700 Subject: [PATCH 2/2] fixed the property defintion and removed incorrect deps --- apache-pulsar.yaml | 7 ++++++- apache-pulsar/pombump-deps.yaml | 3 --- apache-pulsar/pombump-properties.yaml | 3 +++ 3 files changed, 9 insertions(+), 4 deletions(-) create mode 100644 apache-pulsar/pombump-properties.yaml diff --git a/apache-pulsar.yaml b/apache-pulsar.yaml index 4a25fc83e90..97e12349a52 100644 --- a/apache-pulsar.yaml +++ b/apache-pulsar.yaml @@ -1,7 +1,7 @@ package: name: apache-pulsar version: "4.0.6" - epoch: 1 # GHSA-prj3-ccx8-p6x4 + epoch: 1 description: Pulsar is a distributed pub-sub messaging platform with a very flexible messaging model and an intuitive client API. copyright: - license: Apache-2.0 @@ -35,6 +35,11 @@ pipeline: - uses: maven/pombump + - uses: maven/pombump + with: + patch-file: pombump-properties.yaml + pom: buildtools/pom.xml + - name: Build runs: ./mvnw package -DskipTests diff --git a/apache-pulsar/pombump-deps.yaml b/apache-pulsar/pombump-deps.yaml index 6a99d6c19bc..0b05cfd0507 100644 --- a/apache-pulsar/pombump-deps.yaml +++ b/apache-pulsar/pombump-deps.yaml @@ -5,6 +5,3 @@ patches: - groupId: org.apache.commons artifactId: commons-lang3 version: 3.18.0 - - groupId: io.netty - artifactId: netty-codec-http2 - version: 4.1.124.Final diff --git a/apache-pulsar/pombump-properties.yaml b/apache-pulsar/pombump-properties.yaml new file mode 100644 index 00000000000..81e4d1b2100 --- /dev/null +++ b/apache-pulsar/pombump-properties.yaml @@ -0,0 +1,3 @@ +properties: + - property: netty.version + value: "4.1.124.Final"