
Commit 92399c9

committed
Remove commons compression globally.
1 parent 8596e42 commit 92399c9


3 files changed

+8
-12
lines changed


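--- a/avro-flink-serde/pom.xml
+++ b/avro-flink-serde/pom.xml
@@ -149,11 +149,6 @@
 </exclusion>
 </exclusions>
 </dependency>
-<dependency>
-<groupId>org.apache.commons</groupId>
-<artifactId>commons-compress</artifactId>
-<version>1.21</version>
-</dependency>
 
 <dependency>
 <groupId>org.apache.flink</groupId>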

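--- a/common/pom.xml
+++ b/common/pom.xml
@@ -89,10 +89,6 @@
 </exclusion>
 </exclusions>
 </dependency>
-<dependency>
-<groupId>org.apache.commons</groupId>
-<artifactId>commons-compress</artifactId>
-</dependency>
 <dependency>
 <groupId>org.slf4j</groupId>
 <artifactId>slf4j-api</artifactId>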

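--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,6 @@
 <mbknor.jsonschema.converter.version>1.0.39</mbknor.jsonschema.converter.version>
 <everit.json.schema.version>1.14.2</everit.json.schema.version>
 <classgraph.version>4.8.120</classgraph.version>
-<commons.compress.version>1.21</commons.compress.version>
 <commons.lang.version>3.8.1</commons.lang.version>
 <jackson.version>2.12.2</jackson.version>
 <!-- Protobuf -->
@@ -168,12 +167,18 @@
 <groupId>org.apache.avro</groupId>
 <artifactId>avro</artifactId>
 <version>${avro.version}</version>
+<exclusions>
+<exclusion>
+<groupId>org.apache.commons</groupId>
+<artifactId>commons-compress</artifactId>
+</exclusion>
+</exclusions>
 </dependency>
-<!-- Temporarily adding dependency on a transitive dependency to fix security bug in underlying library. Remove when dependency is upgraded. -->
+<!-- Exclude commons-compress globally due to vulns -->
 <dependency>
 <groupId>org.apache.commons</groupId>
 <artifactId>commons-compress</artifactId>
-<version>${commons.compress.version}</version>
+<scope>provided</scope>
 </dependency>
 <dependency>
 <groupId>org.apache.avro</groupId>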
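Review bot: In the second hunk the new comment says commons-compress is excluded globally, but the entry that follows only drops `<version>` and sets `<scope>provided</scope>`, which is not an exclusion: the library can still resolve onto the compile and test classpath, now at whatever version a transitive dependency requests instead of a pinned one. Only `org.apache.avro:avro` gets a real `<exclusion>`, and the enclosing element lies outside the hunk, so it is not visible whether this entry sits in `<dependencyManagement>` (where a version-less, scope-only entry is accepted) or in `<dependencies>` (where the missing version would have to be supplied elsewhere). If the intent is that no module ships the library, confirm it with `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress` and enforce it with a maven-enforcer `bannedDependencies` rule; Avro's bzip2 and xz codecs appear to rely on this library, so those paths would presumably fail at runtime unless the deployment supplies a fixed jar. The comment should also say which advisory is meant and what replaces the pin, for example `<!-- commons-compress kept off the packaged classpath (scope=provided) because of <ADVISORY-ID>; the runtime must supply a fixed version -->`.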
