Posted to dev@tinkerpop.apache.org by "stephen mallette (JIRA)" <ji...@apache.org> on 2019/02/19 19:25:00 UTC

[jira] [Closed] (TINKERPOP-2162) Your project apache/tinkerpop is using buggy third-party libraries [WARNING]

     [ https://issues.apache.org/jira/browse/TINKERPOP-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

stephen mallette closed TINKERPOP-2162.
---------------------------------------
    Resolution: Incomplete

There are two dependencies listed where the versions do not match what we currently have. That can be said of slf4j-api and commons-io.

As for commons-lang, 2.6 is the last version before commons-lang3, so there's nothing to upgrade there except to upgrade everything to that new artifact but I'm not so sure we rely on commons-lang so much as it's an inherited dependency. I guess that can be examined further. 

I can look at the other dependencies as possible upgrade targets, but will close this issue since there won't be any pull requests submitted against this specifically. I will open new issues as required.

> Your project apache/tinkerpop is using buggy third-party libraries [WARNING]
> ----------------------------------------------------------------------------
>
>                 Key: TINKERPOP-2162
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2162
>             Project: TinkerPop
>          Issue Type: Bug
>            Reporter: Kaifeng Huang
>            Priority: Major
>
> Hi, there!
>     We are a research team working on third-party library analysis. We have found that some widely-used third-party libraries in your project have major/critical bugs, which will degrade the quality of your project. We highly recommend you to update those libraries to new versions.
>     We have attached the buggy third-party libraries and corresponding jira issue links below for you to have more detailed information.
> 	1. org.slf4j slf4j-api
> 	version: 1.7.12
> 	Jira issues:
> 	Initializing org.slf4j.helpers.Util fails if SecurityManager denies "createSecurityManager"
> 	affectsVersions:1.7.12
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-324?filter=allopenissues
> 	jul-to-slf4j inconsistent message format
> 	affectsVersions:1.7.12
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-337?filter=allopenissues
> 	2. org.apache.httpcomponents httpclient
> 	version: 4.5.5
> 	Jira issues:
> 	connection leak issue when OutOfMemory
> 	affectsVersions:4.5.3;4.5.4;4.5.5
> 	https://issues.apache.org/jira/projects/HTTPCLIENT/issues/HTTPCLIENT-1924?filter=allopenissues
> 	3. commons-io commons-io
> 	version: 2.4
> 	Jira issues:
> 	IOUtils copyLarge() and skip() methods are performance hogs
> 	affectsVersions:2.3;2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-355?filter=allopenissues
> 	CharSequenceInputStream#reset() behaves incorrectly in case when buffer size is not dividable by data size
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-356?filter=allopenissues
> 	[Tailer] InterruptedException while the thread is sleeping is silently ignored
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-357?filter=allopenissues
> 	IOUtils.contentEquals* methods returns false if input1 == input2; should return true
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-362?filter=allopenissues
> 	Apache Commons - standard links for documents are failing
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-369?filter=allopenissues
> 	FileUtils.sizeOfDirectoryAsBigInteger can overflow
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-390?filter=allopenissues
> 	Regression in FileUtils.readFileToString from 2.0.1
> 	affectsVersions:2.1;2.2;2.3;2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-453?filter=allopenissues
> 	Correct exception message in FileUtils.getFile(File; String...)
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-479?filter=allopenissues
> 	org.apache.commons.io.FileUtils#waitFor waits too long
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-481?filter=allopenissues
> 	FilenameUtils should handle embedded null bytes
> 	affectsVersions:2.4
> 	https://issues.apache.org/jira/projects/IO/issues/IO-484?filter=allopenissues
> 	Exceptions are suppressed incorrectly when copying files.
> 	affectsVersions:2.4;2.5
> 	https://issues.apache.org/jira/projects/IO/issues/IO-502?filter=allopenissues
> 	4. commons-codec commons-codec
> 	version: 1.6
> 	Jira issues:
> 	QuotedPrintableCodec does not support soft line break per the 'quoted-printable' example on Wikipedia
> 	affectsVersions:1.5;1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-121?filter=allopenissues
> 	BeiderMorseEncoder OOM issues
> 	affectsVersions:1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-132?filter=allopenissues
> 	BeiderMorse phonetic filter give uncertain results 
> 	affectsVersions:1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-147?filter=allopenissues
> 	DigestUtils.getDigest(String) loses the original exception
> 	affectsVersions:1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-152?filter=allopenissues
> 	DigestUtils.getDigest(String) should throw IllegalArgumentException instead of RuntimeException
> 	affectsVersions:1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-155?filter=allopenissues
> 	DigestUtils: add APIs named after standard alg name SHA-1
> 	affectsVersions:1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-156?filter=allopenissues
> 	BaseNCodecOutputStream only supports writing EOF on close()
> 	affectsVersions:1.6
> 	https://issues.apache.org/jira/projects/CODEC/issues/CODEC-183?filter=allopenissues
> 	5. org.slf4j jcl-over-slf4j
> 	version: 1.7.21
> 	Jira issues:
> 	Cannot re-initialize the SimpleLogger anymore.
> 	affectsVersions:1.7.21
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-370?filter=allopenissues
> 	Marker lost in EventRecodingLogger
> 	affectsVersions:1.7.21
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-379?filter=allopenissues
> 	Support for JCL 1.2
> 	affectsVersions:1.7.21
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-383?filter=allopenissues
> 	6. org.slf4j slf4j-api
> 	version: 1.7.21
> 	Jira issues:
> 	Cannot re-initialize the SimpleLogger anymore.
> 	affectsVersions:1.7.21
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-370?filter=allopenissues
> 	Marker lost in EventRecodingLogger
> 	affectsVersions:1.7.21
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-379?filter=allopenissues
> 	Support for JCL 1.2
> 	affectsVersions:1.7.21
> 	https://jira.qos.ch/projects/SLF4J/issues/SLF4J-383?filter=allopenissues
> 	7. commons-lang commons-lang
> 	version: 2.6
> 	Jira issues:
> 	Remove unnecessary synchronization from registry lookup in EqualsBuilder and HashCodeBuilder
> 	affectsVersions:2.6
> 	https://issues.apache.org/jira/projects/LANG/issues/LANG-1230?filter=allopenissues
> 	LocaleUtils - DCL idiom is not thread-safe
> 	affectsVersions:2.6
> 	https://issues.apache.org/jira/projects/LANG/issues/LANG-803?filter=allopenissues
> 	Exception when combining custom and choice format in ExtendedMessageFormat
> 	affectsVersions:2.5;2.6
> 	https://issues.apache.org/jira/projects/LANG/issues/LANG-917?filter=allopenissues
> 	8. org.apache.commons commons-lang3
> 	version: 3.3.1
> 	Jira issues:
> 	NumberUtils#createNumber() returns positive BigDecimal when negative Float is expected
> 	affectsVersions:3.x
> 	https://issues.apache.org/jira/projects/LANG/issues/LANG-1087?filter=allopenissues
> Sincerely~
> FDU Software Engineering Lab
> Feb 15th, 2019
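
The reply above makes two points a maintainer has to settle before acting on a report like this: whether the versions it names are the ones the build actually resolves, and whether an artifact is declared by the project or merely inherited through another dependency. The script below is an added example for this thread (not TinkerPop code and not the reporter's tooling): it parses plain `mvn dependency:tree` output and checks each reported (groupId, artifactId, version) triple against what the tree resolves, tagging each as direct or transitive. The tree text is constructed for a hypothetical module; its version numbers are made up to exercise the match, mismatch, transitive and not-in-tree cases, and say nothing about TinkerPop's real dependency set. The reported triples are copied from the issue text.

```python
import re
from dataclasses import dataclass

# Constructed sample of `mvn dependency:tree` output for a hypothetical module
# (NOT real TinkerPop output). It resolves slf4j-api and commons-io to versions
# other than the reported ones, matches the report for httpclient, commons-codec
# and commons-lang3, pulls commons-lang 2.6 in transitively, and omits
# jcl-over-slf4j altogether.
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0-SNAPSHOT
[INFO] +- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- commons-io:commons-io:jar:2.6:compile
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.5:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.6:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.2:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.3.1:compile
[INFO] \- org.apache.commons:commons-configuration:jar:1.10:compile
[INFO]    \- commons-lang:commons-lang:jar:2.6:compile
"""

# (groupId, artifactId, version) triples as listed in the report above.
REPORTED = [
    ("org.slf4j", "slf4j-api", "1.7.12"),
    ("org.apache.httpcomponents", "httpclient", "4.5.5"),
    ("commons-io", "commons-io", "2.4"),
    ("commons-codec", "commons-codec", "1.6"),
    ("org.slf4j", "jcl-over-slf4j", "1.7.21"),
    ("org.slf4j", "slf4j-api", "1.7.21"),
    ("commons-lang", "commons-lang", "2.6"),
    ("org.apache.commons", "commons-lang3", "3.3.1"),
]

# One tree line: "[INFO] ", zero or more 3-character tree-drawing cells, then
# "group:artifact:type[:classifier]:version[:scope]".
LINE_RE = re.compile(r"^\[INFO\] ((?:\+- |\\- |\|  |   )*)(\S.*)$")


@dataclass(frozen=True)
class Resolved:
    group: str
    artifact: str
    version: str
    depth: int  # 1 = declared by the module itself, >1 = transitive
    via: str    # the direct dependency whose subtree pulls it in


def parse_tree(text):
    """Map 'group:artifact' -> Resolved for every dependency in the tree text.

    The first occurrence of a coordinate wins, which is the version Maven's
    nearest-wins mediation reports in non-verbose tree output.
    """
    resolved = {}
    ancestors = []  # stack of (depth, 'group:artifact') down the current branch
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        prefix, coords = m.groups()
        depth = len(prefix) // 3
        parts = coords.split(":")
        if depth == 0:
            # module root line (group:artifact:type:version): start a new branch
            ancestors = [(0, f"{parts[0]}:{parts[1]}")]
            continue
        if len(parts) < 5:
            continue
        key = f"{parts[0]}:{parts[1]}"
        version = parts[-2]  # last field is the scope; version sits before it
        while ancestors and ancestors[-1][0] >= depth:
            ancestors.pop()
        via = key if depth == 1 or len(ancestors) < 2 else ancestors[1][1]
        ancestors.append((depth, key))
        resolved.setdefault(key, Resolved(parts[0], parts[1], version, depth, via))
    return resolved


def check_report(report, tree_text):
    """Return one finding per reported triple: whether the build resolves that
    exact version, and whether the artifact is ours to bump or inherited."""
    resolved = parse_tree(tree_text)
    findings = []
    for group, artifact, reported in report:
        key = f"{group}:{artifact}"
        r = resolved.get(key)
        if r is None:
            status, actual, origin = "not-in-tree", None, None
        else:
            status = "match" if r.version == reported else "mismatch"
            actual = r.version
            origin = "direct" if r.depth == 1 else f"transitive via {r.via}"
        findings.append({"coordinate": key, "reported": reported,
                         "resolved": actual, "status": status, "origin": origin})
    return findings


if __name__ == "__main__":
    for f in check_report(REPORTED, SAMPLE_TREE):
        print(f"{f['status']:<12} {f['coordinate']:<48} reported={f['reported']:<8} "
              f"resolved={f['resolved']}  {f['origin'] or ''}")
```

Run it against real output by piping `mvn -pl <module> dependency:tree` into the parser instead of `SAMPLE_TREE`. A "mismatch" means the report was not generated from this build's resolved versions; a "transitive via" origin means the fix is a managed-version override or an upgrade of the parent artifact rather than a direct edit of the project's own dependency declaration. Note the report lists slf4j-api twice with different versions, which the check surfaces as two separate findings.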



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)