Vladimir Sitnikov created XGC-148:
-------------------------------------
Summary: Drop commons-io dependency
Key: XGC-148
URL: https://issues.apache.org/jira/browse/XGC-148
Project: XMLGraphicsCommons
Issue Type: Improvement
Affects Versions: 2.11
Reporter: Vladimir Sitnikov
Currently, xmlgraphics-commons depends on commons-io (550KiB jar), however only
a few methods are used there: {{IOUtils.closeQuitely}} and
{{ByteArrayOutputStream}}.
There are the following problems:
1) 500KiB is an extra dependency
2) A single CVE in commons-io might affect all the consumers for
xmlgraphics-commons
3) IOUtils.closeQuitely might be replaced with try-with-resources.
Could you please drop the dependency?
I could help with the PR to remove the dependency.
See:
* https://github.com/JetBrains/lets-plot/issues/1421
* https://github.com/JetBrains/lets-plot/issues/1231
Context: I'm managing Apache JMeter dependencies, and xmlgraphics-commons is
the only component that requires commons-io
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
