sonatype-lift[bot] commented on code in PR #1307:
URL: https://github.com/apache/solr/pull/1307#discussion_r1083882288
##########
solr/core/build.gradle:
##########
@@ -59,38 +100,50 @@ dependencies {
implementation "org.apache.lucene:lucene-spatial-extras"
implementation "org.apache.lucene:lucene-suggest"
+
// Collections & lang utilities
- implementation ('com.google.guava:guava') { transitive = false }
+ implementation 'com.google.guava:guava'
implementation 'org.apache.commons:commons-lang3'
implementation 'org.apache.commons:commons-math3'
implementation 'commons-io:commons-io'
implementation 'com.carrotsearch:hppc'
implementation 'org.apache.commons:commons-collections4'
- runtimeOnly 'commons-collections:commons-collections' // for Hadoop and...?
implementation('com.github.ben-manes.caffeine:caffeine') { transitive =
false }
- implementation 'org.slf4j:slf4j-api'
-
implementation 'commons-codec:commons-codec'
implementation 'commons-cli:commons-cli'
+ implementation 'org.locationtech.spatial4j:spatial4j'
+
+ implementation 'com.fasterxml.jackson.core:jackson-annotations'
+ implementation 'com.fasterxml.jackson.core:jackson-core'
implementation 'com.fasterxml.jackson.core:jackson-databind'
implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile'
Review Comment:
<picture><img alt="46% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/46/display.svg";></picture>
*High Vulnerability:*
### maven : com.fasterxml.jackson.dataformat/jackson-dataformat-smile :
2.14.1
0 Critical, 1 High, 0 Medium, 0 Low vulnerabilities have been found across 1
dependencies.
[View the Lift
console](https://lift.sonatype.com/results/github.com/apache/solr/01GQEZBSKB0V8KWDB2MGK5EH8N?tab=dependencies&component=pkg%3Amaven%2Fcom.fasterxml.jackson.dataformat%2Fjackson-dataformat-smile%402.14.1)
for details about these vulnerabilities.
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371755399&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371755399&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755399&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755399&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371755399&lift_comment_rating=5)
]
##########
solr/core/build.gradle:
##########
@@ -59,38 +100,50 @@ dependencies {
implementation "org.apache.lucene:lucene-spatial-extras"
implementation "org.apache.lucene:lucene-suggest"
+
// Collections & lang utilities
- implementation ('com.google.guava:guava') { transitive = false }
+ implementation 'com.google.guava:guava'
Review Comment:
<picture><img alt="36% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/36/display.svg";></picture>
*Medium Vulnerability:*
### maven : com.google.guava/guava : 31.1-jre
0 Critical, 0 High, 1 Medium, 0 Low vulnerabilities have been found across 1
dependencies.
[View the Lift
console](https://lift.sonatype.com/results/github.com/apache/solr/01GQEZBSKB0V8KWDB2MGK5EH8N?tab=dependencies&component=pkg%3Amaven%2Fcom.google.guava%2Fguava%4031.1-jre)
for details about these vulnerabilities.
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371755401&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371755401&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755401&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755401&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371755401&lift_comment_rating=5)
]
##########
solr/core/src/java/org/apache/solr/schema/EnumFieldType.java:
##########
@@ -45,19 +44,23 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-/**
- * Field type for support of string values with custom sort order.
- */
+/** Field type for support of string values with custom sort order. */
public class EnumFieldType extends AbstractEnumField {
private static final Logger log =
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
@Override
public Type getUninversionType(SchemaField sf) {
Review Comment:
<picture><img alt="29% of developers fix this issue"
src="https://lift.sonatype.com/api/commentimage/fixrate/29/display.svg";></picture>
*[BadImport](https://errorprone.info/bugpattern/BadImport):* Importing
nested classes/static methods/static fields with commonly-used names can make
code harder to read, because it may not be clear from the context exactly which
type is being referred to. Qualifying the name with that of the containing
class can make the code clearer. Here we recommend using qualified class:
UninvertingReader.
---
```suggestion
public UninvertingReader.Type getUninversionType(SchemaField sf) {
```
---
<details><summary><b>âšī¸ Learn about @sonatype-lift commands</b></summary>
You can reply with the following commands. For example, reply with
***@sonatype-lift ignoreall*** to leave out all findings.
| **Command** | **Usage** |
| ------------- | ------------- |
| `@sonatype-lift ignore` | Leave out the above finding from this PR |
| `@sonatype-lift ignoreall` | Leave out all the existing findings from this
PR |
| `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified
`file\|issue\|path\|tool` from Lift findings by updating your config.toml file |
**Note:** When talking to LiftBot, you need to **refresh** the page to see
its response.
<sub>[Click here](https://github.com/apps/sonatype-lift/installations/new)
to add LiftBot to another repo.</sub></details>
---
Was this a good recommendation?
[ [đ Not
relevant](https://www.sonatype.com/lift-comment-rating?comment=371755970&lift_comment_rating=1)
] - [ [đ Won't
fix](https://www.sonatype.com/lift-comment-rating?comment=371755970&lift_comment_rating=2)
] - [ [đ Not critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755970&lift_comment_rating=3)
] - [ [đ Critical, will
fix](https://www.sonatype.com/lift-comment-rating?comment=371755970&lift_comment_rating=4)
] - [ [đ Critical, fixing
now](https://www.sonatype.com/lift-comment-rating?comment=371755970&lift_comment_rating=5)
]
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
![https://lift.sonatype.com/api/commentimage/fixrate/46/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/46/display.svg"){kind=link}
![https://lift.sonatype.com/api/commentimage/fixrate/36/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/36/display.svg"){kind=link}
![https://lift.sonatype.com/api/commentimage/fixrate/29/display.svg"](https://lift.sonatype.com/api/commentimage/fixrate/29/display.svg"){kind=link}