-
Notifications
You must be signed in to change notification settings - Fork 490
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[NOID] Update snyk recommended dependencies #3935
Conversation
80cf7a0
to
306568f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couple of observations but other than that, LGTM 👍
@@ -2827,6 +2826,7 @@ MIT | |||
neo4j-1.17.6.jar | |||
postgresql-1.17.6.jar | |||
slf4j-api-1.7.36.jar | |||
slf4j-api-2.0.11.jar |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it expected to have two versions of slf4j?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have the same in 5.x currently, I'm not 100% in on how all this works, but it seems to be at least when I run the ./gradlew dependencies check that all slf4j deps that are of the slf4j-api-1.7.36.jar version are only in the 4.4 snapshot, and everywhere else in that check (e.g runtimeClasspath) is the other verison 👀
@@ -9,7 +9,7 @@ dependencies { | |||
testImplementation project(':test-utils') | |||
testImplementation project(':core').sourceSets.test.output | |||
|
|||
testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.425' | |||
testImplementation group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.646' | |||
testImplementation group: 'org.xmlunit', name: 'xmlunit-core', version: '2.9.1' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm aware that there are already these AWS dependencies in Neo4j, but I think they were added by clustering in Neo4j 5 only right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think in general the aws deps are compileOnly or testImplementation anyway? So the extra dependencies are added using an extra jar if needed (even if it were in Neo), if I understood correctly 😅
306568f
to
377e63d
Compare
Update amazon and jsonpath dependencies