You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2022/11/27 13:34:15 UTC

[GitHub] [maven-dependency-plugin] elharo opened a new pull request, #268: [MDEP-831] remove unused beanutils dependency

elharo opened a new pull request, #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268

   @khmarbaise 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on pull request #268: [MDEP-831] remove unused beanutils dependency

Posted by GitBox <gi...@apache.org>.

elharo commented on PR #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268#issuecomment-1336562239

   Adding an extra dependency is not the right way to handle this. DependencyManagement might be better but is not really right for this case either. This needs to be fixed in whatever dependency is pulling in the old version. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo merged pull request #268: [MDEP-831] remove unused beanutils dependency

Posted by GitBox <gi...@apache.org>.

elharo merged PR #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] slawekjaranowski commented on pull request #268: [MDEP-831] remove unused beanutils dependency

Posted by GitBox <gi...@apache.org>.

slawekjaranowski commented on PR #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268#issuecomment-1336558063

   @elharo , @slachiewicz 
   
   It was added in order to override transitive version, now we have version 1.7.0 - please examine dependency tree
   
   Why we need newer version ... because of CVE ...
   
   Probably better place will be dependencyManagement for such case.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on pull request #268: [MDEP-831] remove unused beanutils dependency

Posted by GitBox <gi...@apache.org>.

elharo commented on PR #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268#issuecomment-1336566149

   Seems like the correct way to handle this is by releasing org.apache.maven.doxia:doxia-site-renderer:2.0.0 and then upgrading the dependency plugin to that version. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] elharo commented on pull request #268: [MDEP-831] remove unused beanutils dependency

Posted by GitBox <gi...@apache.org>.

elharo commented on PR #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268#issuecomment-1328340435

   CI looks good: https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-dependency-plugin/job/bean/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [maven-dependency-plugin] slawekjaranowski commented on pull request #268: [MDEP-831] remove unused beanutils dependency

Posted by GitBox <gi...@apache.org>.

slawekjaranowski commented on PR #268:
URL: https://github.com/apache/maven-dependency-plugin/pull/268#issuecomment-1336863176

   You right fixing such issue at source is the best way, but until it happens we should have some workaround.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org