Closed cnsgithub closed 8 months ago
Just for the sake of documenting collisions, OWASP using guava 19.0 makes it incompatible with graphql-java-tools 5.2.4, and graphql-java-servlet 6.2.0.
Duly noted. Thank you for this update.
On 10/24/18 9:46 AM, Jacob Pozaic wrote:
Just for the sake of documenting collisions, OWASP using guava 19.0 makes it incompatible with graphql-java-tools 5.2.4, and graphql-java-servlet 6.2.0.
@mikesamuel is there a possibility to move away from guava? Other OWASP libs (like esapi or encoder) don't use guava AFAICS.
We could probably even do the change and provide a PR for it.
Most imports seem to be optional after using Java 8+ and reimplementing some functionality.
After having this open for almost five years now and having pull request #272 open for resolving it, could you please reconsider removing this dependency?
Still interested in this issue: PrimeFaces is using this sanitizer and as a result it gets Guava on board. Any way that Guava can be ditched? Thank you!
Hi,
I'd like to use owasp-java-html-sanitizer in PrimeFaces (a popular JSF component suite). However, because of very restrictive policies regarding the use of third-party policies, my PR cannot be merged.
The problem is the dependency on guava, which is a really big one that is also widely used, and therefore version conflicts are conceivable.
So I come to the question if it would be possible for you to provide an additional all-in-one version of owasp-java-html-sanitizer having the guava dependency shaded?
Please see https://github.com/primefaces/primefaces/issues/3214 for the reasons why my PR was reverted.
Thanks.