Abacn commented on PR #35643:
URL: https://github.com/apache/beam/pull/35643#issuecomment-3104748211

   > Are these files used anywhere other than from trackers ?
   
   They are not used, and not all dependency jars have `META-INF/maven`, for example, none of the Apache Iceberg jars contain `META-INF/maven` dirs.
   
   > won't this result in actual vulnerabilities from being suppressed ?  If so I suggest just excluding the calcite dependency in question here.
   
   Yes, this is a side effect. The challenge is that the Gradle shadow plugin does not provide this level of granularity.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
