[NOID] Update snyk recommended dependencies #3935
Conversation
gem-neo4j
added
4.4
team-cypher-surface
gem-neo4j
force-pushed
the
4.4_snyk_updates
branch
from
80cf7a0
to
306568f
Compare
| @@ -2827,6 +2826,7 @@ MIT | |||
| neo4j-1.17.6.jar | |||
| postgresql-1.17.6.jar | |||
| slf4j-api-1.7.36.jar | |||
| slf4j-api-2.0.11.jar | |||
There was a problem hiding this comment.
Is it expected to have two versions of slf4j?
There was a problem hiding this comment.
We have the same in 5.x currently, I'm not 100% in on how all this works, but it seems to be at least when I run the ./gradlew dependencies check that all slf4j deps that are of the slf4j-api-1.7.36.jar version are only in the 4.4 snapshot, and everywhere else in that check (e.g runtimeClasspath) is the other verison 👀
| @@ -9,7 +9,7 @@ dependencies { | |||
| testImplementation project(':test-utils') | |||
| testImplementation project(':core').sourceSets.test.output | |||
|
|
|||
| testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.425' | |||
| testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.646' | |||
| testImplementation group: 'org.xmlunit', name: 'xmlunit-core', version: '2.9.1' | |||
There was a problem hiding this comment.
I'm aware that there are already these AWS dependencies in Neo4j, but I think they were added by clustering in Neo4j 5 only right?
There was a problem hiding this comment.
I think in general the aws deps are compileOnly or testImplementation anyway? So the extra dependencies are added using an extra jar if needed (even if it were in Neo), if I understood correctly 😅
gem-neo4j
force-pushed
the
4.4_snyk_updates
branch
from
306568f
to
377e63d
Compare
Update amazon and jsonpath dependencies