This is an automated email from the ASF dual-hosted git repository. pkarwasz pushed a commit to branch release/2.24.1 in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
commit a92713c4ba4544e57a9690e3ef133ac29036382e Author: Piotr P. Karwasz <[email protected]> AuthorDate: Tue Sep 24 07:38:28 2024 +0200 Pin Cassandra transitive deps --- log4j-cassandra/pom.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/log4j-cassandra/pom.xml b/log4j-cassandra/pom.xml index a248ca734b..eb914cf0e2 100644 --- a/log4j-cassandra/pom.xml +++ b/log4j-cassandra/pom.xml @@ -45,8 +45,29 @@ <!-- cassandra-all breaks with a newer version --> <!-- at least this version has one CVE less than the one suggested by Cassandra --> <guava.version>25.1-jre</guava.version> + <!-- Pinned transitive dependencies for reproducibility between Linux and MacOS --> + <jnr-ffi.version>2.2.16</jnr-ffi.version> + <snappy.version>1.1.10.7</snappy.version> </properties> + <dependencyManagement> + <dependencies> + + <dependency> + <groupId>com.github.jnr</groupId> + <artifactId>jnr-ffi</artifactId> + <version>${jnr-ffi.version}</version> + </dependency> + + <dependency> + <groupId>org.xerial.snappy</groupId> + <artifactId>snappy-java</artifactId> + <version>${snappy.version}</version> + </dependency> + + </dependencies> + </dependencyManagement> + <dependencies> <dependency> <groupId>org.apache.logging.log4j</groupId>
