virajjasani commented on issue #505: HBASE-22863 : Cleanup transitive Jackson1
vulnerable dependencies(forward-port HBASE-22728)
URL: https://github.com/apache/hbase/pull/505#issuecomment-522288323
> Is it safe to just exclude these transitive dependencies? At least hadoop
adds them as dep
virajjasani commented on issue #505: HBASE-22863 : Cleanup transitive Jackson1
vulnerable dependencies(forward-port HBASE-22728)
URL: https://github.com/apache/hbase/pull/505#issuecomment-522289864
> So we need to add the jackson dependency explicitly as a test dependency
in our own pom as
virajjasani commented on issue #505: HBASE-22863 : Cleanup transitive Jackson1
vulnerable dependencies(forward-port HBASE-22728)
URL: https://github.com/apache/hbase/pull/505#issuecomment-522290007
That is already included from hadoop-minicluster only, but at test scop:
```
[INFO] ---
virajjasani commented on issue #505: HBASE-22863 : Cleanup transitive Jackson1
vulnerable dependencies(forward-port HBASE-22728)
URL: https://github.com/apache/hbase/pull/505#issuecomment-522291730
Let me provide the full dependency tree for Jackson1 with this patch:
```
[INFO] --- ma
virajjasani commented on issue #505: HBASE-22863 : Cleanup transitive Jackson1
vulnerable dependencies(forward-port HBASE-22728)
URL: https://github.com/apache/hbase/pull/505#issuecomment-523302074
Thanks for the review @Apache9 @Reidd
We have +1 overall from QA also.
For bra
virajjasani commented on issue #505: HBASE-22863 : Cleanup transitive Jackson1
vulnerable dependencies(forward-port HBASE-22728)
URL: https://github.com/apache/hbase/pull/505#issuecomment-523427049
@Apache9 @Reidd
Could you please help me merge this? Patch for branch-2 is also avail