[GitHub] [skywalking] sonatype-lift[bot] commented on a change in pull request #7215: Upgrade etcd to v3

Thu, 01 Jul 2021 21:02:32 -0700 


sonatype-lift[bot] commented on a change in pull request #7215:
URL: https://github.com/apache/skywalking/pull/7215#discussion_r662721120



##########
File path: oap-server/server-cluster-plugin/cluster-etcd-plugin/pom.xml
##########
@@ -37,106 +37,54 @@
         </dependency>
 
         <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-codec-dns</artifactId>
+            <groupId>io.etcd</groupId>
+            <artifactId>jetcd-core</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-codec-http</artifactId>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-core</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-handler</artifactId>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-netty</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>io.netty</groupId>
-            <artifactId>netty-resolver-dns</artifactId>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-protobuf</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>org.mousio</groupId>
-            <artifactId>etcd4j</artifactId>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-stub</artifactId>
         </dependency>
 
         <dependency>
-            <groupId>com.fasterxml.jackson.module</groupId>
-            <artifactId>jackson-module-afterburner</artifactId>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-grpclb</artifactId>
         </dependency>
 
+        <dependency>

Review comment:
       *Critical OSS Vulnerability:*  &nbsp;
   ### pkg:maven/org.yaml/snakeyaml
   1 Critical, 0 Severe, 0 Moderate and 0 Unknown vulnerabilities have been 
found in a direct dependency 
   
   
   
   <!-- Lift_Details -->
   <details>
   <summary><b>CRITICAL Vulnerabilities (1)</b></summary>
   
   <ul>
   
     ***
     > #### [CVE-2017-18640] The Alias feature in SnakeYAML 1.18 allows entity 
expansion during a load operat...
     > The Alias feature in SnakeYAML 1.18 allows entity expansion during a 
load operation, a related issue to CVE-2003-1564.
     >
     > **CVSS Score:** 7.5
     >
     > **CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   
     ***
   </ul>
   
   </details>
   
   (at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to