lhotari opened a new pull request, #4689:
URL: https://github.com/apache/bookkeeper/pull/4689
### Motivation
commons-collections is marked to be vulnerable in Sonatype with identifier
sonatype-2024-3350, although no public CVE exists for commons-collections 3.3.2.
Since the dependency seems to be unnecessary, it's better to exclude it
completely.
### Changes
- exclude commons-collections from the transitive dependencies of commons-beanutils
- commons-collections is an optional dependency of commons-beanutils
- exclude commons-collections from hadoop-common transitive dependencies
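A check that can be run after exclusions like the ones listed under Changes, added here as an example (it is not part of the pull request or of BookKeeper's build): it parses `mvn dependency:tree` text output and reports every path that still brings in commons-collections, plus the first-level dependency where an `<exclusions>` entry would go. The module names and `0.0.0` versions in the sample are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample: two module trees as printed by `mvn dependency:tree`.
# Artifact coordinates are real; module names and versions are placeholders.
SAMPLE_TREE = """\
[INFO] example:module-a:jar:0.0.0
[INFO] +- commons-beanutils:commons-beanutils:jar:0.0.0:compile
[INFO] |  +- commons-logging:commons-logging:jar:0.0.0:compile
[INFO] |  \\- commons-collections:commons-collections:jar:0.0.0:compile
[INFO] \\- org.slf4j:slf4j-api:jar:0.0.0:compile
[INFO] example:module-b:jar:0.0.0
[INFO] \\- org.apache.hadoop:hadoop-common:jar:0.0.0:compile
[INFO]    \\- commons-collections:commons-collections:jar:0.0.0:compile
"""

TARGET = "commons-collections:commons-collections"

# Optional "[INFO] " prefix, 3-character indent units, optional "+- " or "\- "
# marker, then groupId:artifactId followed by type, version and scope.
NODE = re.compile(r"^(?:\[INFO\] )?((?:[| ] {2})*)([+\\]- )?([\w.\-]+:[\w.\-]+):\S+$")


def paths_to(tree_text, target=TARGET):
    """Return every path (module root -> ... -> target) found in the tree text."""
    stack, hits = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line.rstrip())
        if not m:
            continue  # banner, summary or blank line
        indent, marker, coord = m.groups()
        depth = len(indent) // 3 + (1 if marker else 0)
        del stack[depth:]  # a root line (depth 0) starts a new module
        stack.append(coord)
        if coord == target:
            hits.append(list(stack))
    return hits


def exclusion_points(paths):
    """First-level dependencies under which the target arrives transitively."""
    return sorted({p[1] for p in paths if len(p) > 2})


if __name__ == "__main__":
    found = paths_to(SAMPLE_TREE)
    for path in found:
        print(" -> ".join(path))
    print("exclude under:", exclusion_points(found) or "nothing to exclude")
```

Within one module the default tree prints each resolved artifact once, so re-run the check after adding an exclusion in case a second path surfaces.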