It is not a real dependency, so should not be any issue. I am not sure why
your tool flags it at all.
On Thu, Apr 28, 2022 at 10:04 PM Sundar Sabapathi Meenakshi <
sun...@mcruncher.com> wrote:
> Hi all,
>
> I am using spark-sql_2.12 dependency version 3.2.1 in my
> project. My dependency tracker highlights the transitive dependency
> "unused" from spark-sql_2.12 as vulnerable. I check there is no update
> for these artifacts since 2014. Is the artifact used anywhere in spark ?
>
> To resolve this vulnerability, can I exclude this "unused" artifact from
> spark-sql_2.12 ? Will it cause any issues in my project ?
>
>
> -
> To unsubscribe e-mail: user-unsubscr...@spark.apache.org