snmvaughan commented on PR #4491: URL: https://github.com/apache/hadoop/pull/4491#issuecomment-1167405730
I understand the desire to evaluate and manage the individual changes, so I'll resubmit the individual dependency updates. I was already planning on submitting these for branch-3.3 when 3.3.4 switch came to my attention. The HTrace library is showing up in the distribution as part of a transitive dependency from HBase. Given the goal to remove the dependency, the CVE, and ongoing work to move to OpenTelemetry, I would suggest we re-consider the hbase-noop-htrace swap. I was already planning on looking into the Curator 5 related ZooKeeper pull request, but felt the elimination of CVEs in the short-term was important. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
