commit | a445728a2ab1f6b6805c6904126fb039d71d8faf | [log] [tgz] |
---|---|---|
author | Lari Hotari <lhotari@users.noreply.github.com> | Mon Jun 28 00:58:39 2021 +0300 |
committer | GitHub <noreply@github.com> | Sun Jun 27 14:58:39 2021 -0700 |
tree | a55f1b6820e410b44155bbd3cd96b629ed859cb0 | |
parent | 6a19e0e3b8d76b5abb872a4cce81f99cbdf36a88 [diff] |
[Build/Security] Upgrade Freebuilder version and fix the dependency Fixes #2732 ### Motivation - Freebuilder 1.14.9 contains an outdate jquery js file which causes the library to be flagged as vulnerable with the highest threat level in Sonatype IQ vulnerability scanner. This also flags Bookkeeper and Pulsar as vulnerable with the highest threat level although it is a false positive and not an actual threat. - Freebuilder shouldn't be exposed as a transitive dependency - it's an annotation processor which should be defined - [optional in maven](https://github.com/inferred/FreeBuilder#maven) - [compileOnly in gradle](https://github.com/inferred/FreeBuilder#gradle) ### Changes - upgrade [Freebuilder](https://github.com/inferred/FreeBuilder) from 1.14.9 to 2.7.0 - make dependency optional in maven pom.xml - use `compileOnly` instead of `implementation` in gradle build Reviewers: Sijie Guo <None> This closes #2734 from lhotari/lh-fix-freebuilder-dependency-issue
Apache BookKeeper is a scalable, fault tolerant and low latency storage service optimized for append-only workloads.
It is suitable for being used in following scenarios:
Please visit the Documentation from the project website for more information.
For filing bugs, suggesting improvements, or requesting new features, help us out by opening a Github issue or opening an Apache jira.
Subscribe or mail the user@bookkeeper.apache.org list - Ask questions, find answers, and also help other users.
Subscribe or mail the dev@bookkeeper.apache.org list - Join development discussions, propose new ideas and connect with contributors.
Join us on Slack - This is the most immediate way to connect with Apache BookKeeper committers and contributors.
We feel that a welcoming open community is important and welcome contributions.
See Developer Setup to get your local environment setup.
Take a look at our open issues: JIRA Issues Github Issues.
Review our coding style and follow our pull requests to learn about our conventions.
Make your changes according to our contribution guide.