
Conversation

@svettwer

@svettwer svettwer commented Oct 18, 2022

Follow up on #1010.
Removing the shaded org.apache.commons.commons-text that might trigger scanners related to CVE-2022-42889.

Discussion: #1009

Contributor

@aschwarte10 aschwarte10 left a comment


Even better from my side to remove any shaded copies and leave it to other applications to maintain versions. Especially for Apache Commons the versions are very stable nowadays, so that shading brings more disadvantages than advantages.

@jknack
Owner

jknack commented Oct 18, 2022

In the past they caused version conflicts with other libraries. That was the reason why I shaded it.

@svettwer
Author

Maybe those can be resolved with some Maven dependency tree magic then. I also used shading once back in the day, but the price is high. Although a clean and well-maintained dependency tree is not easy to achieve either. Maybe a handlebars-bom module might help to get everything together and iron out dependency graph issues more efficiently?

@svettwer
Author

As mentioned here, this is definitely something for the next major version

@hungphamzto

@jknack it would be good if we removed the shaded commons-text in 4.3.1, because I wonder whether the commons-text lib will still get security issues in the near future; then we need to take time for a hotfix again.
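The concern running through this thread is that a shaded copy of commons-text is invisible to normal dependency management but still gets flagged by scanners, and nobody can tell at a glance whether the bundled copy is at a fixed version. The check below is an added example, not code from this project or from GitHub: it inspects jar files for classes that exist only in commons-text, matching on the simple class name so that a relocated (shaded) copy is found as well as a plain one, and reads the version from the Maven pom.properties when the jar still carries it. The marker class names, the relocation prefix used in the constructed sample jar, and the sample jars themselves are assumptions for the demonstration; the fixed version 1.10.0 for CVE-2022-42889 is the published one.

```python
"""Find plain or shaded copies of Apache commons-text inside jar files.

Added example for illustration only; not part of the handlebars.java project.
Heuristic: commons-text is recognised by class simple names that only it
provides, so a relocated package (shading) is still detected.
"""
import io
import re
import zipfile
from pathlib import Path

# Classes specific to commons-text; relocation changes the package, not the name (assumption).
MARKER_CLASSES = {"StringSubstitutor.class", "StringLookupFactory.class"}
ORIGINAL_PACKAGE = "org/apache/commons/text"
# Maven writes this file into the artifact; shading often keeps it.
POM_PROPERTIES = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
FIXED_VERSION = (1, 10, 0)  # CVE-2022-42889 is fixed in commons-text 1.10.0


def parse_version(text):
    """Turn '1.9' or '1.10.0' into a comparable tuple; None if unparseable."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def scan_jar_bytes(data):
    """Return one finding per package that carries commons-text marker classes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        version = None
        if POM_PROPERTIES in names:
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = parse_version(line.split("=", 1)[1])
        packages = {
            n.rsplit("/", 1)[0]
            for n in names
            if "/" in n and n.rsplit("/", 1)[-1] in MARKER_CLASSES
        }
    if version is None:
        status = "unknown"      # no pom.properties: version must be reviewed by hand
    elif version < FIXED_VERSION:
        status = "vulnerable"
    else:
        status = "fixed"
    return [
        {
            "package": pkg.replace("/", "."),
            "shaded": pkg != ORIGINAL_PACKAGE,
            "version": version,
            "status": status,
        }
        for pkg in sorted(packages)
    ]


def scan_directory(path):
    """Scan every *.jar in a directory; returns {jar name: findings} for jars with hits."""
    results = {}
    for jar in sorted(Path(path).glob("*.jar")):
        findings = scan_jar_bytes(jar.read_bytes())
        if findings:
            results[jar.name] = findings
    return results


def build_sample_jar(package, version=None, with_classes=True):
    """Constructed sample jar (not a real artifact) for trying the scanner offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_classes:
            for cls in sorted(MARKER_CLASSES):
                zf.writestr(f"{package}/{cls}", b"\xca\xfe\xba\xbe")  # class-file magic only
        if version is not None:
            zf.writestr(
                POM_PROPERTIES,
                f"version={version}\ngroupId=org.apache.commons\nartifactId=commons-text\n",
            )
    return buf.getvalue()


if __name__ == "__main__":
    # Relocation prefix below is made up; a real shade plugin config chooses its own.
    samples = {
        "shaded-old.jar": build_sample_jar("com/example/relocated/text", "1.9"),
        "plain-fixed.jar": build_sample_jar(ORIGINAL_PACKAGE, "1.10.0"),
        "no-metadata.jar": build_sample_jar(ORIGINAL_PACKAGE),
    }
    for name, data in samples.items():
        for f in scan_jar_bytes(data):
            print(f"{name}: {f['package']} shaded={f['shaded']} status={f['status']}")
```

Run it against a lib/ directory with scan_directory("lib") to list which jars still bundle commons-text and under which package; "unknown" means the copy has no Maven metadata and its version has to be established from the class contents or the build that produced it.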

@jknack jknack added this to the 4.4.0 milestone Mar 10, 2024
@jknack jknack closed this Mar 10, 2024
4 participants