Bump org.apache.pulsar:pulsar-client-all from 4.1.2 to 4.1.3 #1432

Closed
dependabot[bot] wants to merge 1 commit into main from
dependabot/gradle/main/org.apache.pulsar-pulsar-client-all-4.1.3

@dependabot dependabot Bot commented on behalf of github Feb 20, 2026

Bumps org.apache.pulsar:pulsar-client-all from 4.1.2 to 4.1.3.

Release notes

Sourced from org.apache.pulsar:pulsar-client-all's releases.

v4.1.3

2026-02-19

Library updates

  • [improve][broker] Upgrade bookkeeper to 4.17.3 (#25166)
  • [fix][sec] Bump at.yawk.lz4:lz4-java from 1.9.0 to 1.10.1 in /pulsar-common (#25045)
  • [fix][sec] Bump org.apache.solr:solr-core from 9.8.0 to 9.10.1 in /pulsar-io/solr (#25175)
  • [fix][sec] Eliminate commons-collections dependency (#25024)
  • [fix][sec] Exclude org.lz4:lz4-java and standardize on at.yawk.lz4-java to remediate CVE-2025-12183 and CVE-2025-66566 (#25198)
  • [fix][sec] Upgrade jose4j to 0.9.6 to address CVE-2024-29371 (#25095)
  • [fix][sec] Upgrade log4j to 2.25.3 to address CVE-2025-68161 (#25102)
  • [fix][sec] Upgrade Netty to 4.1.130.Final (#25078)
  • [fix][sec] Upgrade OpenSearch to 2.19.4 to remediate CVE-2025-9624 (#25206)
  • [fix][sec] Upgrade vertx to address CVE-2026-1002 (#25152)
  • [fix][test] Upgrade docker-java to 3.7.0 (#25209)
  • [improve][io] Upgrade Debezium version to 3.2.5.Final (#25029)
  • [improve][monitor] Upgrade OpenTelemetry to 1.56.0, Otel instrumentation to 2.21.0 and Otel semconv to 1.37.0 (#24994)
  • [improve][misc] Upgrade snappy version to 1.1.10.8 (#25182)
  • [feat][meta] upgrade oxia version to 0.7.2 (#24976)
  • [fix] Upgrade gson to 2.13.2 (#25022)
  • [improve] Upgrade Apache Commons library versions (#24983)
  • [improve] Upgrade Caffeine to 3.2.3 (#24984)
  • [improve] Upgrade Log4j2 to 2.25.2 and slf4j to 2.0.17 (#24985)
  • [improve] Upgrade Netty to 4.1.131.Final (#25232)
  • [fix][sec] Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /pulsar-function-go (#24987)

Broker

  • [fix][broker] Add schema version in rest produce api (#25004)
  • [fix][broker] Avoid split non-existent bundle (#25031)
  • [fix][broker] Fence reset cursor by timestamp to avoid concurrent timestamp-based position lookups (#25151)
  • [fix][broker] Fix chunked message loss when no consumers are available (#25077)
  • [fix][broker] Fix compaction horizon might be reset to an old position when phase two is interrupted (#25119)
  • [fix][broker] Fix creation of replicated subscriptions for partitioned topics (#24997)
  • [fix][broker] Fix cursor position persistence in ledger trimming (#25087)
  • [fix][broker] Fix httpProxyTimeout config (#25223)
  • [fix][broker] Fix incomplete futures in topic property update/delete methods (#25228)
  • [fix][broker] Fix issue with schemaValidationEnforced in geo-replication (#25012)
  • [fix][broker] Fix ManagedCursorImpl.asyncDelete() method may lose previous async mark delete properties in race condition (#25165)
  • [fix][broker] Fix markDeletedPosition race condition in ManagedLedgerImpl.maybeUpdateCursorBeforeTrimmingConsumedLedger() method (#25110)
  • [fix][broker] Fix MultiRolesTokenAuthorizationProvider error when subscription prefix doesn't match. (#25121)
  • [fix][broker] Fix potential NPE in InMemTransactionBuffer.appendBufferToTxn by returning a valid Position (#25039)
  • [fix][broker] fix prepareInitPoliciesCacheAsync in SystemTopicBasedTopicPoliciesService (#24980)
  • [fix][broker] Fix regex matching of namespace name which might contain a regex char (#25136)
  • [fix][broker] Fix transactionMetadataFuture completeExceptionally with null value (#25231)
  • [fix][broker] Fix various error-prone detected errors mainly in logging and String.format parameters (#25059)
  • [fix][broker] Force EnsemblePolicies to resolve network location after rackInfoMap is updated due to changes in /ledgers/available znode (#25067)
  • [fix][broker] PIP-442: Fix race condition in async semaphore permit updates that causes memory limits to become ineffective (#25066)
  • [fix][broker] Prevent missed topic changes in topic watchers and schedule periodic refresh with patternAutoDiscoveryPeriod interval (#25188)

... (truncated)

Commits
  • bc9d732 [fix][meta] Metadata cache refresh might not take effect (#25246)
  • 1b1c58a [fix][test] Fix ResourceQuotaCalculatorImplTest#testNeedToReportLocalUsage (#...
  • cc84262 [fix][test] fix testBatchMetadataStoreMetrics. (#25241)
  • bfcffe6 [improve] Upgrade Netty to 4.1.131.Final (#25232)
  • 5a44e02 Reapply "[improve][meta] PIP-453: Improve the metadata store threading model ...
  • 56cd23c Revert "[improve][meta] PIP-453: Improve the metadata store threading model (...
  • 24c6524 Release 4.1.3
  • 7215506 [fix][broker] Fix transactionMetadataFuture completeExceptionally with null v...
  • 3b8a51c [fix][client] Send all chunkMessageIds to broker for redelivery (#25229)
  • 37250ef [improve][broker] Give the detail error msg when authenticate failed with Aut...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added the type: dependency-upgrade (A dependency upgrade) label Feb 20, 2026
@dependabot dependabot Bot force-pushed the dependabot/gradle/main/org.apache.pulsar-pulsar-client-all-4.1.3 branch from cd1c383 to 48c842d March 15, 2026 20:46
Bumps [org.apache.pulsar:pulsar-client-all](https://github.com/apache/pulsar) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/apache/pulsar/releases)
- [Commits](apache/pulsar@v4.1.2...v4.1.3)

---
updated-dependencies:
- dependency-name: org.apache.pulsar:pulsar-client-all
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/main/org.apache.pulsar-pulsar-client-all-4.1.3 branch from 48c842d to 0658e3b March 15, 2026 20:46

onobc commented Mar 15, 2026

Closing in favor of #1443

@onobc onobc closed this Mar 15, 2026

dependabot Bot commented on behalf of github Mar 15, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@onobc onobc deleted the dependabot/gradle/main/org.apache.pulsar-pulsar-client-all-4.1.3 branch March 15, 2026 20:56