Closed mezhangremoterepository closed 2 weeks ago
cc @zhoulii
Hi @mezhangremoterepository , Thanks for your feedback. But streampark 2.1.0 does not contains commons-text-1.6.jar
, so I'm a little confused about this issue, can you provide more info ?
发自我的 iPhone在 2023年5月18日,13:40,zhoulii @.***> 写道: When using bulid file to build bin package, the package will be downloaded. Because I configured high-risk vulnerability interception to prevent downloading this package, I can only see relevant interception information. I checked the pom file and found that the package commons-text-1.6.jar was not relied on, so I was also confused about why this package was used. Hi @mezhangremoterepository , Thanks for your feedback. But streampark 2.1.0 does not contains commons-text-1.6.jar, so I'm a little confused about this issue, can you provide more info ?
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>
Hi @mezhangremoterepository , Thanks for your reply. After some digging, I found that commons-text-1.6.jar
is a transitive dependency of spark-core
, it is only used on build stage, and streampack won't pack it into the dist, so It's not a bug to me, sorry for not being helpful.
fixed
Search before asking
Java Version
No response
Scala Version
2.11.x
StreamPark Version
2.1.0
Flink Version
1.14.5
deploy mode
None
What happened
When I use build to build, I refer to commons-text-1.6.jar, which contains a high-risk vulnerability
Error Exception
No response
Screenshots
No response
Are you willing to submit PR?
Code of Conduct