fix(sec): upgrade org.apache.kafka:kafka-clients to 3.2.3

[W0lfier]

What happened？

There are 1 security vulnerabilities found in org.apache.kafka:kafka-clients 3.2.1

• CVE-2023-25194

What did I do？

Upgrade org.apache.kafka:kafka-clients from 3.2.1 to 3.4.0 for vulnerability fix

What did you expect to happen？

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

[jcchavezs]

Ping @jeqo

On Thu, 16 Mar 2023, 21:26 W0lfier, @.***> wrote:

What happened？

There are 1 security vulnerabilities found in org.apache.kafka:kafka-clients 3.2.1

• CVE-2023-25194 https://www.oscs1024.com/hd/CVE-2023-25194

What did I do？

Upgrade org.apache.kafka:kafka-clients from 3.2.1 to 3.4.0 for vulnerability fix What did you expect to happen？

Ideally, no insecure libs should be used. The specification of the pull request

PR Specification https://www.oscs1024.com/docs/pr-specification/ from OSCS

You can view, comment on, or merge this pull request online at:

https://github.com/openzipkin/brave/pull/1366 Commit Summary

• 08aa28e https://github.com/openzipkin/brave/pull/1366/commits/08aa28e064278b030348115de3463600d9c6e712 update org.apache.kafka:kafka-clients 3.2.1 to 3.4.0

File Changes

(1 file https://github.com/openzipkin/brave/pull/1366/files)

• M pom.xml https://github.com/openzipkin/brave/pull/1366/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8 (2)

Patch Links:

• https://github.com/openzipkin/brave/pull/1366.patch
• https://github.com/openzipkin/brave/pull/1366.diff

— Reply to this email directly, view it on GitHub https://github.com/openzipkin/brave/pull/1366, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXO7Y6NJLO3DCVOHB3W4NZRFANCNFSM6AAAAAAV5WMLNQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[shakuzen]

I updated the PR title and release notes since the merged change was an update to 3.2.3 rather than 3.4.0.