You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by Ryan Schmitt <rs...@apache.org> on 2023/02/13 21:54:15 UTC

org.brotli.dec 0.1.2 dependency in httpcomponents-client

I'm sending this along on behalf of a colleague who is having trouble
getting through to the distribution list.

----

Hi Apache client developers,

It looks like the org.brotli.dec dependency was updated upstream for three
years after the final version was published in Maven Central [1], including
fixing CVEs [2]. Is this a good dependency for the Apache Client [3]?

Aaron

[1] https://mvnrepository.com/artifact/org.brotli/dec
[2] https://github.com/google/brotli/releases/tag/v1.0.9
[3]
https://github.com/apache/httpcomponents-client/blob/3805eb6a588d88ba8662c95ac349b5d8612dfa85/pom.xml#L67

Re: org.brotli.dec 0.1.2 dependency in httpcomponents-client

Posted by Oleg Kalnichevski <ol...@apache.org>.

On Mon, 2023-02-13 at 13:54 -0800, Ryan Schmitt wrote:
> I'm sending this along on behalf of a colleague who is having trouble
> getting through to the distribution list.
> 
> ----
> 
> Hi Apache client developers,
> 
> It looks like the org.brotli.dec dependency was updated upstream for
> three
> years after the final version was published in Maven Central [1],
> including
> fixing CVEs [2]. Is this a good dependency for the Apache Client [3]?
> 

I am not sure anyone of us can give an answer to that question.

Oleg


> Aaron
> 
> [1] https://mvnrepository.com/artifact/org.brotli/dec
> [2] https://github.com/google/brotli/releases/tag/v1.0.9
> [3]
> https://github.com/apache/httpcomponents-client/blob/3805eb6a588d88ba8662c95ac349b5d8612dfa85/pom.xml#L67


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org