From 72ed94a3880ffffd04b07afdd74f059ee2db434c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 14 Mar 2026 12:21:36 +0800
Subject: [PATCH 1/4] chore(deps): bump org.apache.zookeeper:zookeeper from
3.9.4 to 3.9.5 in /os-dependencies in the maven group across 1 directory
(#933)
Bumps the maven group with 1 update in the /os-dependencies directory:
org.apache.zookeeper:zookeeper.
Updates `org.apache.zookeeper:zookeeper` from 3.9.4 to 3.9.5
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore ` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/ACANX/MetaOpen/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
os-dependencies/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml
index 73db8a73..901f298c 100644
--- a/os-dependencies/pom.xml
+++ b/os-dependencies/pom.xml
@@ -722,7 +722,7 @@
org.apache.zookeeper
zookeeper
- 3.9.4
+ 3.9.5
provided
true
From 6014d5ff9a0a8a747e5cac69c3f2f401decdcd47 Mon Sep 17 00:00:00 2001
From: ACANX
Date: Sat, 14 Mar 2026 12:23:14 +0800
Subject: [PATCH 2/4] Create SECURITY.md for security policy
Added a security policy document outlining supported versions and vulnerability reporting.
---
SECURITY.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..034e8480
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
From 06f255714861031509603bd03620a86e94866a7f Mon Sep 17 00:00:00 2001
From: ACANX
Date: Sat, 14 Mar 2026 12:26:53 +0800
Subject: [PATCH 3/4] Update supported versions in SECURITY.md
---
SECURITY.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index 034e8480..f0237b41 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -7,10 +7,10 @@ currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
-| 5.1.x | :white_check_mark: |
-| 5.0.x | :x: |
-| 4.0.x | :white_check_mark: |
-| < 4.0 | :x: |
+| 0.6.x | :white_check_mark: |
+| < 0.6.5 | :x: |
+| 0.5.x | :white_check_mark: |
+| < 0.5.0 | :x: |
## Reporting a Vulnerability
From cc7c6e4380de4a28332a973db8dc0ff1b2c6b8bd Mon Sep 17 00:00:00 2001
From: ACANX
Date: Sat, 14 Mar 2026 14:55:06 +0800
Subject: [PATCH 4/4] Downgrade zookeeper dependency version to 3.9.4
---
os-dependencies/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml
index 901f298c..73db8a73 100644
--- a/os-dependencies/pom.xml
+++ b/os-dependencies/pom.xml
@@ -722,7 +722,7 @@
org.apache.zookeeper
zookeeper
- 3.9.5
+ 3.9.4
provided
true