This figure presents the dependency tree between multiple modules in itstack-demo-design. As shown in this figure, the libraries ch.qos.logback:logback-core:jar:1.0.9:compile, org.slf4j:jcl-over-slf4j:jar:1.7.5:compile and ch.qos.logback:logback-classic:jar:1.0.9:compile in itstack-demo-design-1-01 are inherited from their parent module. However, they are not used by itstack-demo-design-18-00, itstack-demo-design-20-01, itstack-demo-design-3-00, itstack-demo-design-4-00, itstack-demo-design-9-00. We can perform refactoring operations in the pom, by removing such redundant dependencies in itstack-demo-design-18-00, itstack-demo-design-20-01, itstack-demo-design-3-00, itstack-demo-design-4-00, itstack-demo-design-9-00.
Specifically, the scope of org.slf4j:jcl-over-slf4j, ch.qos.logback:logback-classic in itstack-demo-design-18-00, itstack-demo-design-20-01, itstack-demo-design-3-00, itstack-demo-design-4-00, itstack-demo-design-9-00 can be changed from compile to provided. The revisions in the pom are described as follows:
Removing the redundant dependencies can reduce the size of the project and prevent potential dependency conflict issues (i.e., multiple versions of the same library). More importantly, one of the redundant dependencies, ch.qos.logback:logback-core:jar:1.0.9:compile, incorporates a medium-level vulnerability, SNYK-JAVA-CHQOSLOGBACK-1726923.
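
The scope change described above, sketched for one affected module as an added example (not the issue author's own revisions or the project's pom). It assumes the parent declares both artifacts directly under `<dependencies>` and that logback-core reaches the module only through logback-classic.

```xml
<!-- pom.xml of a child module that does not use the logging libraries,
     e.g. itstack-demo-design-18-00 (added illustration) -->
<dependencies>
    <!-- Redeclaring an inherited dependency with the same
         groupId:artifactId replaces the parent's declaration for this
         module only, so the version has to be repeated here. -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>jcl-over-slf4j</artifactId>
        <version>1.7.5</version>
        <!-- inherited scope was compile -->
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>1.0.9</version>
        <!-- inherited scope was compile; under the assumption above,
             logback-core 1.0.9 is then resolved as provided too and is
             no longer packaged with this module -->
        <scope>provided</scope>
    </dependency>
</dependencies>
```

Running `mvn dependency:tree` in the module afterwards shows the resolved scope of each of the three artifacts, which confirms whether logback-core 1.0.9 still appears as `compile`.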