[
https://issues.apache.org/jira/browse/TEZ-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
László Bodor updated TEZ-4169:
------------------------------
Summary: Remove unused transitive compile time jackson dependencies (was:
Remove transitive compile time jackson dependency)
> Remove unused transitive compile time jackson dependencies
> ----------------------------------------------------------
>
> Key: TEZ-4169
> URL: https://issues.apache.org/jira/browse/TEZ-4169
> Project: Apache Tez
> Issue Type: Bug
> Reporter: László Bodor
> Assignee: László Bodor
> Priority: Major
>
> Tez has many occurrences of jackson dependencies in its dep tree, however
> none of them is direct:
> {code}
> lbodor@HW12459 ~/apache/tez master mvn dependency:tree | grep
> jackson | wc -l
> 204
> {code}
> It's misleading because tez protobuf history plugin does depend on jackson
> mapper, so it should have jackson as a direct dependency.
> Similarly to other dependencies, transitive deps can also trigger security
> scan alerts, complaining about outdated jackson dependencies. It would be
> cleaner to completely remove unused transitive jackson depdendencies and
> re-add them in test scope where it's needed for clarity's sake.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
