Strip dependencies from REST client #6457
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #6457 +/- ##
======================================
Coverage 0.00% 0.00%
======================================
Files 675 675
Lines 41641 41641
Branches 5685 5685
======================================
Misses 41641 41641 ☔ View full report in Codecov by Sentry. |
Member
Author
|
I believe dep check script reports a false negative result, could you please confirm that? @cfmcgrady |
cfmcgrady
approved these changes
Jun 7, 2024
pan3793
added a commit
that referenced
this pull request
Jun 7, 2024
# 🔍 Description This PR removes two dependencies from the `kyuubi-rest-client` module - `commons-collections` - has CVE Cx78f40514-81ff and is only used in one place, just rewrite to remove the dependency - `javax.servlet-api` - only used for UT, correct the scope from `compile` to `test` ## Types of changes 🔖 - [ ] Bugfix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) ## Test Plan 🧪 Pass GHA --- # Checklist 📝 - [x] This patch was not authored or co-authored using [Generative Tooling](https://www.apache.org/legal/generative-tooling.html) **Be nice. Be informative.** Closes #6457 from pan3793/rest-client-dep. Closes #6457 c24af70 [Cheng Pan] dep list 80969d0 [Cheng Pan] nit 950d4b7 [Cheng Pan] fix 1692819 [Cheng Pan] fix import c068ba1 [Cheng Pan] nit d46653d [Cheng Pan] fix ca78317 [Cheng Pan] Strip dependencies from REST client Authored-by: Cheng Pan <chengpan@apache.org> Signed-off-by: Cheng Pan <chengpan@apache.org> (cherry picked from commit f7e8d69) Signed-off-by: Cheng Pan <chengpan@apache.org>
Member
Author
|
Thanks, merged to master/1.9 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🔍 Description
This PR removes two dependencies from the
kyuubi-rest-clientmodulecommons-collections- has CVE Cx78f40514-81ff and is only used in one place, just rewrite to remove the dependencyjavax.servlet-api- only used for UT, correct the scope fromcompiletotestTypes of changes 🔖
Test Plan 🧪
Pass GHA
Checklist 📝
Be nice. Be informative.