[ https://issues.apache.org/jira/browse/TINKERPOP-2185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877851#comment-16877851 ]

ASF GitHub Bot commented on TINKERPOP-2185:
-------------------------------------------

spmallette commented on pull request #1154: TINKERPOP-2185 Upgrade to commons-configuration2
URL: https://github.com/apache/tinkerpop/pull/1154
 
 
   https://issues.apache.org/jira/browse/TINKERPOP-2185
   
   This swapped out pretty easily - though the changes show just how dependent 
we are on the `Configuration` object which I'm not sure is so good. Being such 
an integral part of our code, it was really hard to try to follow a deprecation 
path from 3.4.x with this (though I tried). The change for most users should be 
pretty simple and because the namespacing is different, there aren't any 
collisions to worry about if someone remains dependent on 1.x for some reason.
   
   All tests pass with `docker/build.sh -t -n -i`
   
   VOTE +1
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Use commons-configuration2 instead of commons-configuration
> -----------------------------------------------------------
>
>                 Key: TINKERPOP-2185
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2185
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: structure
>    Affects Versions: 3.3.6, 3.4.1
>            Reporter: Alex Ott
>            Assignee: stephen mallette
>            Priority: Major
>              Labels: breaking
>             Fix For: 3.5.0
>
>
> A product called Whitesource reports vulnerabilities in 
> commons-configuration 1.10, which is a dependency of the gremlin-core module. As 
> a result, some projects couldn't be allowed into production because of the 
> failing check.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
