[
https://issues.apache.org/jira/browse/RATIS-1507?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tsz-wo Sze updated RATIS-1507:
------------------------------
Description:
Clean up the vulnerabilities from dependencies; see
[https://mvnrepository.com/artifact/org.apache.ratis/ratis-thirdparty/0.7.0]
We should
- bump guava version.
- Move junit and slf4j-log4j12 to test since they are only used in test.
I also suggest removing test from the module list in the root pom.xml so that
ratis-thirdparty won't get the test dependencies (e.g. log4j12).
{code}
<modules>
<module>misc</module>
- <module>test</module>
</modules>
{code}
was:
Clean up the vulnerabilities from dependencies; see
https://mvnrepository.com/artifact/org.apache.ratis/ratis-thirdparty/0.7.0
We should
- bump guava version.
- Move junit and slf4j-log4j12 to test since they are only used in test.
> [thirdparty] Clean up the vulnerabilities from dependencies
> -----------------------------------------------------------
>
> Key: RATIS-1507
> URL: https://issues.apache.org/jira/browse/RATIS-1507
> Project: Ratis
> Issue Type: Bug
> Components: thirdparty
> Reporter: Tsz-wo Sze
> Assignee: Tsz-wo Sze
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Clean up the vulnerabilities from dependencies; see
> [https://mvnrepository.com/artifact/org.apache.ratis/ratis-thirdparty/0.7.0]
> We should
> - bump guava version.
> - Move junit and slf4j-log4j12 to test since they are only used in test.
> I also suggest removing test from the module list in the root pom.xml so that
> ratis-thirdparty won't get the test dependencies (e.g. log4j12).
> {code}
> <modules>
> <module>misc</module>
> - <module>test</module>
> </modules>
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
