You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Claus Ibsen (Jira)" <ji...@apache.org> on 2021/02/26 12:48:00 UTC
[jira] [Updated] (CAMEL-16268) camel-xstream - Testdependency of
junit-vintage-engine not set to scope test
[ https://issues.apache.org/jira/browse/CAMEL-16268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-16268:
--------------------------------
Summary: camel-xstream - Testdependency of junit-vintage-engine not set to scope test (was: Testdependency of junit-vintage-engine not set to scope test)
> camel-xstream - Testdependency of junit-vintage-engine not set to scope test
> ----------------------------------------------------------------------------
>
> Key: CAMEL-16268
> URL: https://issues.apache.org/jira/browse/CAMEL-16268
> Project: Camel
> Issue Type: Task
> Components: camel-xstream
> Affects Versions: 3.4.5, 3.7.2
> Reporter: Maarten Donderwinkel
> Priority: Minor
> Fix For: 3.7.3, 3.9.0
>
>
> When using the component 'camel-xstream' the dependency for junit-vintage-engine and with that Junit 4.13 comes along.
> This seems to be caused because the dependency for junit-vintage-engine isn't set to the scope test (like the other test dependencies).
> Given that test dependencies shouldn't be in production builds (and junit 4.13 contains a vulnerability (see [ossindex.sonatype.org|https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1?component-type=maven&component-name=junit.junit&utm_source=dependency-check&utm_medium=integration&utm_content=6.1.1])), please set the scope to test.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)