httpclient 4.5.13 #2074
@@ -104,6 +104,12 @@ | |||
</exclusions> | |||
</dependency> | |||
|
|||
<dependency> | |||
<groupId>org.apache.httpcomponents</groupId> |
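Review bot: The added `<dependency>` for `org.apache.httpcomponents` has no XML comment above it saying why it is declared, so a later dependency cleanup could remove it as apparently unused. Add a one-line comment directly above the `<dependency>` element stating the reason for the explicit declaration. The excerpt cuts off after `<groupId>`, so also confirm that the rest of the element pins the version in exactly one place.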
What requires this?
avatica-core
Changed scope to runtime to match the dependencies of calcite.
We don't use calcite to make HTTP connections though. Is there any reason we can't simply exclude it?
No. If we mention calcite without any mention of httpclient the downstream will pull in the calcite old version of httpclient. They have the option to exclude it, but sadly maven does not let us exclude on their behalf.
Can we add a comment:
Avoid CVE-2020-13956
Description
Avoid CVE-2020-13956
Motivation and Context
Security
How Has This Been Tested?
Unit testing
License
I confirm that this contribution is made under an Apache 2.0 license and that I have the authority necessary to make this contribution on behalf of its copyright owner.