bdoyle0182 commented on code in PR #5034:
URL: https://github.com/apache/openwhisk/pull/5034#discussion_r1092300812


##########
common/scala/build.gradle:
##########
@@ -98,6 +98,38 @@ dependencies {
     compile ("com.azure:azure-storage-blob:12.6.0") {
         exclude group: "com.azure", module: "azure-core-test"
     }
+
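
Review bot: The lines added after the `azure-storage-blob` entry in `dependencies` (32 of them, going by the `@@ -98,6 +98,38 @@` header; only the first, blank one is shown here) should each carry a comment naming the advisory it addresses and the direct dependency that pulls the artifact in, if they pin transitive versions as the review comment below indicates. If they are declared with `compile` like the entry above, a pinned transitive artifact reads as something the project uses directly, and without that comment nobody can tell when the pin is safe to drop once the parent dependency is upgraded.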

Review Comment:
   They appear to be transitive dependencies from actual dependencies we 
declare.
   
   I started this PR yesterday to clear all known CVEs before realizing this 
one existed. I think we can upgrade the actual dependencies rather than pin 
transitive dependencies. I'll take what I can from here, but I'm probably going 
to do things in multiple PRs so I'm not disrupting too much at once until I 
have cleared everything. I would much rather upgrade dependencies where I can 
and then pin transitive dependency versions as a last resort.
   
   https://github.com/apache/openwhisk/pull/5373


