lhotari opened a new pull request #2734:
URL: https://github.com/apache/bookkeeper/pull/2734


   Fixes #2732
   
   ### Motivation
   
   - Freebuilder 1.14.9 contains an outdated jquery js file which causes the 
library to be flagged as vulnerable with the highest threat level in Sonatype 
IQ vulnerability scanner. This also flags Bookkeeper and Pulsar as vulnerable 
with the highest threat level although it is a false positive and not an actual 
threat.
   
   - Freebuilder shouldn't be exposed as a transitive dependency
     - it's an annotation processor which should be defined
       - [optional in maven](https://github.com/inferred/FreeBuilder#maven)
       - [compileOnly in gradle](https://github.com/inferred/FreeBuilder#gradle)
   
   ### Changes
   
   - upgrade [Freebuilder](https://github.com/inferred/FreeBuilder) from 1.14.9 
to 2.7.0
   - make dependency optional in maven pom.xml
   - use `compileOnly` instead of `implementation` in gradle build


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]
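
A check for the exposure described in this pull request, added here as an example and not part of the pull request or the BookKeeper build: it reads a Maven POM and reports annotation processors declared in a scope that passes them on to downstream projects. The coordinate `org.inferred:freebuilder` (not stated on the page), the function name `leaked_processors` and the sample POMs are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Assumption: the annotation processors to audit, as groupId:artifactId.
PROCESSORS = {"org.inferred:freebuilder"}
# Maven scopes that are passed on to consumers of the artifact.
TRANSITIVE_SCOPES = {"compile", "runtime"}


def leaked_processors(pom_xml, processors=PROCESSORS):
    """Return group:artifact:version for each listed processor that the POM
    declares in a way that exposes it to downstream projects.

    Only the project's own <dependencies> are read; parent POMs, profiles
    and ${property} placeholders are not resolved.
    """
    root = ET.fromstring(pom_xml)
    leaks = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        def field(name, default=""):
            return (dep.findtext("m:" + name, default, NS) or default).strip()

        coord = field("groupId") + ":" + field("artifactId")
        if coord not in processors:
            continue
        optional = field("optional", "false").lower() == "true"
        if not optional and field("scope", "compile") in TRANSITIVE_SCOPES:
            leaks.append(coord + ":" + field("version", "?"))
    return leaks


# Constructed sample POMs, not copied from the BookKeeper repository.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.inferred</groupId>
      <artifactId>freebuilder</artifactId>
      <version>{version}</version>{extra}
    </dependency>
  </dependencies>
</project>"""
POM_BEFORE = POM.format(version="1.14.9", extra="")
POM_AFTER = POM.format(version="2.7.0", extra="<optional>true</optional>")

if __name__ == "__main__":
    print("before:", leaked_processors(POM_BEFORE))
    print("after: ", leaked_processors(POM_AFTER))
```

Run against each module's `pom.xml` in CI, a non-empty result means the processor jar will still appear in consumers' dependency trees and in their scanner reports.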