twitter / finagle

A fault tolerant, protocol-agnostic RPC system
https://twitter.github.io/finagle
Apache License 2.0

Netty (and other) dependency upgrades #944

Closed peter-janssen closed 10 months ago

peter-janssen commented 1 year ago

It seems that only direct dependencies of finagle with vulnerabilities are updated during release. This is unfortunate since, with the longer release cadence, several dependencies have newer versions. This can cause problems when using other components of those dependencies. For example, with netty, when using other parts (e.g. netty-codec), the current versions used by finagle have vulnerabilities. Upgrading causes problems when finagle is not compatible with newer versions. Please include dependency upgrades during the release process.

mattdickinson5 commented 10 months ago

Netty was upgraded in https://github.com/twitter/finagle/commit/cfe398416da37216fd344735d2278eca2d623452