This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 51da1ff [Security] Use dependency management to enforce vertx version
(#10286)
51da1ff is described below
commit 51da1ffb8974067e9a50848406327d2de7c6a984
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Apr 20 22:03:42 2021 +0300
[Security] Use dependency management to enforce vertx version (#10286)
- the previous solution left the invalid dependencies in all Pulsar
libraries
---
distribution/server/pom.xml | 45 ++++++++++-----------------------------------
pom.xml | 11 +++++++++++
2 files changed, 21 insertions(+), 35 deletions(-)
diff --git a/distribution/server/pom.xml b/distribution/server/pom.xml
index 94eba91..8f092dc 100644
--- a/distribution/server/pom.xml
+++ b/distribution/server/pom.xml
@@ -19,7 +19,7 @@
-->
<project xmlns="http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
<modelVersion>4.0.0</modelVersion>
<parent>
@@ -115,23 +115,23 @@
</dependency>
<dependency>
- <groupId>io.dropwizard.metrics</groupId>
- <artifactId>metrics-core</artifactId>
+ <groupId>io.dropwizard.metrics</groupId>
+ <artifactId>metrics-core</artifactId>
</dependency>
<dependency>
- <groupId>io.dropwizard.metrics</groupId>
- <artifactId>metrics-graphite</artifactId>
+ <groupId>io.dropwizard.metrics</groupId>
+ <artifactId>metrics-graphite</artifactId>
</dependency>
<dependency>
- <groupId>io.dropwizard.metrics</groupId>
- <artifactId>metrics-jvm</artifactId>
+ <groupId>io.dropwizard.metrics</groupId>
+ <artifactId>metrics-jvm</artifactId>
</dependency>
<dependency>
- <groupId>org.xerial.snappy</groupId>
- <artifactId>snappy-java</artifactId>
+ <groupId>org.xerial.snappy</groupId>
+ <artifactId>snappy-java</artifactId>
</dependency>
<dependency>
@@ -242,41 +242,16 @@
<groupId>io.netty</groupId>
<artifactId>*</artifactId>
</exclusion>
- <!--TODO: When pulsar uses
https://github.com/apache/bookkeeper/pull/2410 in -->
- <!-- the next bk version, please remove the following content.-->
- <exclusion>
- <groupId>io.vertx</groupId>
- <artifactId>*</artifactId>
- </exclusion>
</exclusions>
</dependency>
- <!--TODO: When pulsar uses https://github.com/apache/bookkeeper/pull/2410
in -->
- <!-- the next bk version, please remove the following content.-->
<dependency>
<groupId>io.vertx</groupId>
<artifactId>vertx-core</artifactId>
- <version>${vertx.version}</version>
- <exclusions>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-core</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-annotations</artifactId>
- </exclusion>
- </exclusions>
</dependency>
<dependency>
<groupId>io.vertx</groupId>
<artifactId>vertx-web</artifactId>
- <version>${vertx.version}</version>
</dependency>
-
</dependencies>
<build>
@@ -339,7 +314,7 @@
</goals>
</pluginExecutionFilter>
<action>
- <ignore />
+ <ignore/>
</action>
</pluginExecution>
</pluginExecutions>
diff --git a/pom.xml b/pom.xml
index 451fde0..dc2bbec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -386,6 +386,17 @@ flexible messaging model and an intuitive client
API.</description>
</dependency>
<dependency>
+ <groupId>io.vertx</groupId>
+ <artifactId>vertx-core</artifactId>
+ <version>${vertx.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.vertx</groupId>
+ <artifactId>vertx-web</artifactId>
+ <version>${vertx.version}</version>
+ </dependency>
+
+ <dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-recipes</artifactId>
<version>${curator.version}</version>
