This is an automated email from the ASF dual-hosted git repository. stoty pushed a commit to branch 5.1 in repository https://gitbox.apache.org/repos/asf/phoenix.git
The following commit(s) were added to refs/heads/5.1 by this push: new 569f931d8e PHOENIX-7181 Do not declare commons-configuration2 dependency 569f931d8e is described below commit 569f931d8e1dae1990a26f40a445b6920e11be08 Author: Istvan Toth <st...@apache.org> AuthorDate: Mon Jan 15 15:39:03 2024 +0100 PHOENIX-7181 Do not declare commons-configuration2 dependency --- phoenix-core/pom.xml | 4 ---- pom.xml | 13 +++++++------ 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/phoenix-core/pom.xml b/phoenix-core/pom.xml index 22c81d9d00..3f6193793a 100644 --- a/phoenix-core/pom.xml +++ b/phoenix-core/pom.xml @@ -500,10 +500,6 @@ <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-configuration2</artifactId> - </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> diff --git a/pom.xml b/pom.xml index ddf4ac6495..c923b3e6f6 100644 --- a/pom.xml +++ b/pom.xml @@ -121,7 +121,6 @@ <commons-csv.version>1.0</commons-csv.version> <commons-compress.version>1.21</commons-compress.version> <sqlline.version>1.9.0</sqlline.version> - <commons-configuration2.version>2.1.1</commons-configuration2.version> <jcip-annotations.version>1.0-1</jcip-annotations.version> <jsr305.version>2.0.1</jsr305.version> <snappy.version>0.3</snappy.version> @@ -450,6 +449,13 @@ <!-- These change too frequently, so we just rely on the hbase transitive deps --> org.apache.hbase.thirdparty:* </ignoredUsedUndeclaredDependency> + <ignoredUsedUndeclaredDependency> + <!-- We only need this because the Hadoop Metrics API leak. + By not declaring the dependency, we can pick up the CVE fixed version from Hadoop + without having to also declare a dependency on commons-text dependency + (which we do not use directly at all)--> + org.apache.commons:commons-configuration2 + </ignoredUsedUndeclaredDependency> </ignoredUsedUndeclaredDependencies> </configuration> <executions> @@ -1434,11 +1440,6 @@ <artifactId>commons-lang3</artifactId> <version>${commons-lang.version}</version> </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-configuration2</artifactId> - <version>${commons-configuration2.version}</version> - </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId>