bobbai00 opened a new issue, #4468:
URL: https://github.com/apache/texera/issues/4468

   ### What happened?
   
   `jtidy:jtidy:4aug2000r7-dev` is pulled into the binary distribution through 
a long transitive chain rooted at the direct dependency 
`io.github.redouane59.twitter:twittered:2.21` (declared in `amber/build.sbt` 
and `common/workflow-operator/build.sbt`):
   
   ```
   io.github.redouane59.twitter:twittered
    └─ org.codehaus.sonar:sonar-packaging-maven-plugin
        └─ org.apache.maven:maven-archiver
            └─ org.apache.maven:maven-core
                └─ org.apache.maven.wagon:wagon-http-lightweight
                    └─ org.apache.maven.wagon:wagon-http-shared
                        └─ jtidy:jtidy
   ```
   
   `jtidy` ships under the "Java HTML Tidy License" (an ad-hoc MIT-style 
license), which is distinct from every SPDX-standard license Texera already 
declares. Shipping it forces a dedicated `LICENSE-binary` section and separate 
attribution handling for a dependency that nothing in Texera's code actually 
uses.
   
   ### How to reproduce?
   
   ```
   sbt 'WorkflowExecutionService/dependencyTree' | grep jtidy
   ```
   
   ### Version
   
   1.1.0-incubating (Pre-release/Master)
   
   ### Commit Hash (Optional)
   
   ef663648d
   
   ### Proposed fix
   
   Dropping `twittered` (tracked in #4454 / #4455, implemented in PR #4463) 
removes the root of this chain and therefore also removes `jtidy`. No separate 
fix needed; this issue closes together with them.
   
   ### Was this authored or co-authored using generative AI tooling?
   
   Generated-by: Claude Code (Claude Opus 4.7)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
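
An added example, not part of the original issue or the Texera code base: a check that reads a dependency tree in the layout drawn in the issue and reports every chain ending at a denied `group:artifact`, so a build can fail if `jtidy` reappears through another root. The `org.example:unrelated` sibling and the function names are constructed for illustration; nesting depth is inferred from indentation, which is an assumption about the tree layout.

```python
import re

# Constructed sample: the chain as drawn in the issue, plus one hypothetical
# sibling (org.example:unrelated) to show only the offending path is reported.
SAMPLE_TREE = """\
io.github.redouane59.twitter:twittered
 └─ org.codehaus.sonar:sonar-packaging-maven-plugin
     └─ org.apache.maven:maven-archiver
         └─ org.apache.maven:maven-core
             ├─ org.example:unrelated
             └─ org.apache.maven.wagon:wagon-http-lightweight
                 └─ org.apache.maven.wagon:wagon-http-shared
                     └─ jtidy:jtidy
"""

# group:artifact[:version...]; must start with an alphanumeric so that
# tree-drawing characters in front of the coordinate are skipped.
COORD = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.\-]*(?::[A-Za-z0-9_.\-]+)+")

def chains_to(tree_text, denied):
    """Return every root-to-node chain that ends at a denied group:artifact."""
    stack = []  # (column, coordinate) entries forming the current path
    hits = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        col, coord = m.start(), m.group(0)
        # Leave deeper or sibling nodes before descending into this one.
        while stack and stack[-1][0] >= col:
            stack.pop()
        stack.append((col, coord))
        group_artifact = ":".join(coord.split(":")[:2])  # ignore any version
        if group_artifact in denied:
            hits.append([c for _, c in stack])
    return hits

def direct_roots(tree_text, denied):
    """Direct dependencies that are the root of at least one denied chain."""
    return sorted({chain[0] for chain in chains_to(tree_text, denied)})

if __name__ == "__main__":
    for chain in chains_to(SAMPLE_TREE, {"jtidy:jtidy"}):
        print(" -> ".join(chain))
```
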
