It is not a real dependency, so should not be any issue. I am not sure why your tool flags it at all.
On Thu, Apr 28, 2022 at 10:04 PM Sundar Sabapathi Meenakshi < sun...@mcruncher.com> wrote: > Hi all, > > I am using spark-sql_2.12 dependency version 3.2.1 in my > project. My dependency tracker highlights the transitive dependency > "unused" from spark-sql_2.12 as vulnerable. I check there is no update > for these artifacts since 2014. Is the artifact used anywhere in spark ? > > To resolve this vulnerability, can I exclude this "unused" artifact from > spark-sql_2.12 ? Will it cause any issues in my project ? > > > --------------------------------------------------------------------- > To unsubscribe e-mail: user-unsubscr...@spark.apache.org