Vladimir Sitnikov created CALCITE-7259:
------------------------------------------

             Summary: Drop commons-lang3 dependency
                 Key: CALCITE-7259
                 URL: https://issues.apache.org/jira/browse/CALCITE-7259
             Project: Calcite
          Issue Type: Improvement
    Affects Versions: 1.40.0
            Reporter: Vladimir Sitnikov


Currently Calcite uses only a few classes from commons-lang3, and it would 
probably be worth dropping the dependency for the following reasons:
1) Better security. commons-* follows the "all features in a single jar" 
pattern, so a CVE in one of the classes would impact Calcite
2) Fewer bytes to ship with the binary distribution for end users: 
`commons-lang3` is ~690K

I have raised a suggestion to make commons-lang3 modular and extract modules 
like commons-stringutils and commons-arrayutils; however, the Commons team 
does not seem to like the idea.
Commons PMC members often suggest that users should clone the code or shade 
commons-lang, see 
https://lists.apache.org/thread/xzdhv57o9rnxtzn5fqbtkzj0hdkbm339

So I wonder what you think of dropping commons-lang3 and replacing it with 
core Java?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
