stefanseifert commented on PR #34: URL: https://github.com/apache/sling-org-apache-sling-xss/pull/34#issuecomment-1619125591
best thing of course would be to get rid of guava completely, but this is out of our hands as long as we want to use java-html-sanitizer for xss. imho using oak-shaded-guava is not a good idea - as the name suggest this should only be used by oak, and may be updated (or removed) by the oak team at any time. and guava does not play nicely with OSGi package versions (https://github.com/google/guava/issues/1682), increasing all packages with major version updates even if not needed. (this discussion should've been placed in [SLING-7231](https://issues.apache.org/jira/browse/SLING-7231), which was released long ago. in this PR, we're just shading the artifact, it was embedded before already.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
