Investigate dependencies #1745

Open
@chernser

Describe the bug

We should investigate what exactly is in each release artifact and why they exist, to see if we can reduce the number (and avoid confusion). cough shaded-all cough

Old Description:
There are some confusing dependencies. For example, clickhouse-jdbc (https://mvnrepository.com/artifact/com.clickhouse/clickhouse-jdbc) has:

  • com.clickhouse » org.apache.commons.compress 1.9.2
  • com.clickhouse » io.grpc 1.9.2
  • com.clickhouse » org.roaringbitmap 1.9.2

What is confusing:

  • version.
  • org.apache.commons.compress - this package had vulnerabilities in early versions
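
One way to check which libraries and versions a shaded jar actually bundles, as an added example that is not part of the original issue or the project's code. It assumes the shading step kept the bundled libraries' `META-INF/maven/.../pom.properties` files, which is not guaranteed; the sample jar and every name in it are constructed.

```python
import io
import zipfile

def bundled_components(jar_bytes):
    """Return {(groupId, artifactId): version} from the pom.properties files
    that Maven writes under META-INF/maven/ and that shaded jars often retain."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not (name.startswith("META-INF/maven/") and name.endswith("/pom.properties")):
                continue
            props = {}
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                line = line.strip()
                if line and not line.startswith("#") and "=" in line:
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            if {"groupId", "artifactId", "version"} <= props.keys():
                found[(props["groupId"], props["artifactId"])] = props["version"]
    return found

def class_roots(jar_bytes, depth=3):
    """Return distinct package prefixes (first `depth` segments) of .class entries.
    Relocated packages show up here even when their Maven metadata was stripped."""
    roots = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class") and not name.startswith("META-INF/"):
                roots.add(".".join(name.split("/")[:-1][:depth]))
    return sorted(roots)

def sample_jar():
    """Constructed sample: a tiny fake shaded jar, not a real ClickHouse artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/driver/Driver.class", b"")
        jar.writestr("com/example/shaded/compress/Zip.class", b"")
        jar.writestr("META-INF/maven/org.example/compress-lib/pom.properties",
                     "#Generated\ngroupId=org.example\nartifactId=compress-lib\nversion=1.0.0\n")
    return buf.getvalue()

if __name__ == "__main__":
    jar = sample_jar()
    for (group, artifact), version in sorted(bundled_components(jar).items()):
        print(f"{group}:{artifact} {version}")
    print(class_roots(jar))
```

A package root that appears in `class_roots` without a matching entry in `bundled_components` is bundled code whose upstream version cannot be read from the jar and has to be traced through the build configuration instead.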

Labels: dependencies
