dmmkr commented on PR #5192: URL: https://github.com/apache/hadoop/pull/5192#issuecomment-1342593030
Thanks @steveloughran for the review. I agree that the Spring version upgrade should come with the plugin. I tried upgrading the Maven plugin to the latest available version of 1.10.1; it still has the vulnerable Spring version of 5.3.1. I can add a comment similar to https://github.com/apache/hadoop/pull/421 to ensure that the Spring dependencies get removed in the later versions of plugin upgrade.

We are adding Spring as the first level dependency for the plugin, whereas the existing Spring is coming from the second level of dependency. Maven ensures that the nearest level of dependency gets picked up.
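
The nearest-wins mediation the comment relies on, as an added example that is not part of the comment or of the Hadoop build: a small model of the rule that checks which Spring version a plugin's dependency tree resolves to before and after a first-level declaration is added. The plugin and library coordinates and `PATCHED-VERSION` are placeholders; only the versions 1.10.1 and 5.3.1 come from the comment.

```python
from collections import deque

# Constructed sample trees: (coordinate, version, children).
# Only plugin version 1.10.1 and Spring 5.3.1 come from the comment;
# the plugin and intermediate-lib coordinates are hypothetical.
SPRING = "org.springframework:spring-core"
PATCHED = "PATCHED-VERSION"  # placeholder: the comment names no target version


def plugin_tree(direct_override=None):
    """Plugin whose Spring arrives at depth 2, optionally overridden at depth 1."""
    deps = [("example:intermediate-lib", "1.0", [(SPRING, "5.3.1", [])])]
    if direct_override:
        # Declared last on purpose: depth decides the winner, not order.
        deps.append((SPRING, direct_override, []))
    return ("example:some-maven-plugin", "1.10.1", deps)


def mediate(root):
    """Nearest-wins: breadth-first walk, first version seen per coordinate wins."""
    chosen = {}
    queue = deque([(root, 0)])
    while queue:
        (coord, version, children), depth = queue.popleft()
        if coord in chosen:
            continue  # a nearer declaration already won; the loser's subtree is dropped
        chosen[coord] = (version, depth)
        for child in children:
            queue.append((child, depth + 1))
    return chosen


def check(root, coord, banned):
    """Report the resolved version of coord and whether it is on the banned list."""
    version, depth = mediate(root)[coord]
    return {"version": version, "depth": depth, "vulnerable": version in banned}


if __name__ == "__main__":
    for label, tree in (("before", plugin_tree()), ("after", plugin_tree(PATCHED))):
        print(label, check(tree, SPRING, {"5.3.1"}))
```

Once a later plugin release ships a fixed Spring itself, the first-level declaration would still win by the same rule, which is why the comment proposes flagging it for removal.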