You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the artifact uk.gov.nationalarchives:droid-container:6.7.0 has a dependency on commons-httpclient:commons-httpclient:3.1. IntelliJ IDEA flags this as having the following problems:
Closer inspection tells me that it's the class uk.gov.nationalarchives.droid.container.httpservice.ContainerSignatureHttpService that is dependent on commons-httpclient. And as far as I can tell, no other classes in the droid artifacts (droid-api, droid-container, droid-core, droid-core-interfaces, droid-parent) have any dependency on that class.
I use the artifact droid-api (and thus droid-container) as a library in software that we develop and I'm pretty sure that the class ContainerSignatureHttpService is never used, so nor is the dependency commons-httpclient. All in all the problem seems relatively small.
Still, it might be nice to refactor the mentioned class to use a newer version of HttpClient (say, 4.x or even 5.x).
The text was updated successfully, but these errors were encountered:
arnovdk
changed the title
Bump dependency commons-httpclient to
Bump dependency commons-httpclient
Jan 26, 2024
Thanks for pointing it out, Droid uses the dependency-check-maven plugin and the build fails if the vulnerability is severe. Looks like one of them is missing out on score.
Currently, the artifact
uk.gov.nationalarchives:droid-container:6.7.0
has a dependency oncommons-httpclient:commons-httpclient:3.1
. IntelliJ IDEA flags this as having the following problems:Closer inspection tells me that it's the class
uk.gov.nationalarchives.droid.container.httpservice.ContainerSignatureHttpService
that is dependent oncommons-httpclient
. And as far as I can tell, no other classes in the droid artifacts (droid-api
,droid-container
,droid-core
,droid-core-interfaces
,droid-parent
) have any dependency on that class.I use the artifact
droid-api
(and thusdroid-container
) as a library in software that we develop and I'm pretty sure that the classContainerSignatureHttpService
is never used, so nor is the dependencycommons-httpclient
. All in all the problem seems relatively small.Still, it might be nice to refactor the mentioned class to use a newer version of HttpClient (say, 4.x or even 5.x).
The text was updated successfully, but these errors were encountered: