fix(security): bump hiveops-bom 1.0.5 -> 1.0.7 — clears httpcore5 + postgresql CVEs #15
Reference in New Issue
Block a user
Delete Branch "fix/guide-bom-1.0.7-cves"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Fleet-wide CVE remediation — same one-line bump across every service on
hiveops-bom.postgresqlhttpcore5httpcore5is transitive viahttpclient5; Apache ships them as a matched pair, so bom 1.0.7 bumps httpclient5 5.5.2 -> 5.6.2, which pulls the patched core. Pinning core alone under the old client would be an untested combination.No suppressions — both took real upstream patches.
Verified on this service: builds + tests pass on 1.0.7.
Bumped 1.0.5 -> 1.0.7.
Refs bom#6