apache / incubator-streampark

Make stream processing easier! Easy-to-use streaming application development framework and operation platform.
https://streampark.apache.org/
Apache License 2.0

[Bug] Drinking from a vulnerable jar by mistake #2755

Closed mezhangremoterepository closed 2 weeks ago

mezhangremoterepository commented 1 year ago

Search before asking

Java Version

No response

Scala Version

2.11.x

StreamPark Version

2.1.0

Flink Version

1.14.5

deploy mode

None

What happened

When I use build to build, it references commons-text-1.6.jar, which contains a high-risk vulnerability.

Error Exception

No response

Screenshots

No response

Are you willing to submit PR?

Code of Conduct

wolfboys commented 1 year ago

cc @zhoulii

zhoulii commented 1 year ago

Hi @mezhangremoterepository, thanks for your feedback. But streampark 2.1.0 does not contain commons-text-1.6.jar, so I'm a little confused about this issue, can you provide more info?

mezhangremoterepository commented 1 year ago

When using the build file to build the bin package, the package will be downloaded. Because I configured high-risk vulnerability interception to prevent downloading this package, I can only see the relevant interception information. I checked the pom file and found that the package commons-text-1.6.jar was not relied on, so I was also confused about why this package was used.

Sent from my iPhone

On 18 May 2023 at 13:40, zhoulii @.***> wrote:

> Hi @mezhangremoterepository, thanks for your feedback. But streampark 2.1.0 does not contain commons-text-1.6.jar, so I'm a little confused about this issue, can you provide more info?

zhoulii commented 1 year ago

Hi @mezhangremoterepository, thanks for your reply. After some digging, I found that commons-text-1.6.jar is a transitive dependency of spark-core. It is only used at the build stage, and streampark won't pack it into the dist, so it's not a bug to me. Sorry for not being helpful.
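The check this reply implies (a transitive jar that is present at build time but must not ship in the dist) as an added shell example, not StreamPark's own tooling: it assumes a saved `mvn dependency:tree` output and a built dist directory, and its sample tree and jar names are constructed placeholders, not taken from the real build.

```shell
#!/bin/sh
# Added example, not StreamPark's own tooling: after `mvn dependency:tree`
# (saved to a file) and `mvn package`, confirm that a flagged transitive jar
# such as commons-text is build-only and does not ship in the distribution.

# Print "group:artifact version scope" for every occurrence of ARTIFACT
# (given as groupId:artifactId) in a saved dependency:tree output.
dep_scopes() {
  grep -- "$2:jar:" "$1" | awk '{
    sub(/^.*- /, "");              # drop the "[INFO] |  \-" tree drawing
    n = split($0, f, ":");         # group:artifact:jar[:classifier]:version:scope
    print f[1] ":" f[2], f[n-1], f[n];
  }'
}

# Return 0 when ARTIFACT appears only with a build-time scope (provided/test)
# and no jar named after it exists under DIST_DIR; print offenders and return 1 otherwise.
build_only_and_absent() {
  tree=$1; dist=$2; artifact=$3
  id=${artifact#*:}                # artifactId, which names the jar file
  runtime=$(dep_scopes "$tree" "$artifact" | awk '$3 != "provided" && $3 != "test"')
  shipped=$(find "$dist" -type f -name "$id-*.jar" 2>/dev/null)
  [ -n "$runtime" ] && printf 'runtime-scoped:\n%s\n' "$runtime"
  [ -n "$shipped" ] && printf 'shipped in dist:\n%s\n' "$shipped"
  [ -z "$runtime" ] && [ -z "$shipped" ]
}

# Constructed sample inputs (module names and versions are placeholders,
# not the real StreamPark build): a tree file and a fake dist directory.
make_sample() {
  cat > "$1/tree.txt" <<'EOF'
[INFO] org.example:demo-console:jar:0.0.1
[INFO] +- org.apache.spark:spark-core_2.11:jar:X.Y.Z:provided
[INFO] |  \- org.apache.commons:commons-text:jar:1.6:provided
[INFO] \- org.example:shipped-lib:jar:0.0.1:compile
EOF
  mkdir -p "$1/dist/lib"
  : > "$1/dist/lib/shipped-lib-0.0.1.jar"
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d); make_sample "$tmp"
  build_only_and_absent "$tmp/tree.txt" "$tmp/dist" org.apache.commons:commons-text \
    && echo "commons-text is build-only and absent from dist"
  rm -rf "$tmp"
fi
```

Run with `--demo` to exercise the constructed sample; against a real build, point it at your saved `mvn dependency:tree` output and the unpacked dist directory.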

wolfboys commented 2 weeks ago

fixed