You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by Ryan Schmitt <rs...@apache.org> on 2023/02/13 21:54:15 UTC
org.brotli.dec 0.1.2 dependency in httpcomponents-client
I'm sending this along on behalf of a colleague who is having trouble
getting through to the distribution list.
----
Hi Apache client developers,
It looks like the org.brotli.dec dependency was updated upstream for three
years after the final version was published in Maven Central [1], including
fixing CVEs [2]. Is this a good dependency for the Apache Client [3]?
Aaron
[1] https://mvnrepository.com/artifact/org.brotli/dec
[2] https://github.com/google/brotli/releases/tag/v1.0.9
[3]
https://github.com/apache/httpcomponents-client/blob/3805eb6a588d88ba8662c95ac349b5d8612dfa85/pom.xml#L67
Re: org.brotli.dec 0.1.2 dependency in httpcomponents-client
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Mon, 2023-02-13 at 13:54 -0800, Ryan Schmitt wrote:
> I'm sending this along on behalf of a colleague who is having trouble
> getting through to the distribution list.
>
> ----
>
> Hi Apache client developers,
>
> It looks like the org.brotli.dec dependency was updated upstream for
> three
> years after the final version was published in Maven Central [1],
> including
> fixing CVEs [2]. Is this a good dependency for the Apache Client [3]?
>
I am not sure anyone of us can give an answer to that question.
Oleg
> Aaron
>
> [1] https://mvnrepository.com/artifact/org.brotli/dec
> [2] https://github.com/google/brotli/releases/tag/v1.0.9
> [3]
> https://github.com/apache/httpcomponents-client/blob/3805eb6a588d88ba8662c95ac349b5d8612dfa85/pom.xml#L67
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org