search

johnrengelman / shadow

Gradle plugin to create fat/uber JARs, apply file transforms, and relocate packages for applications and libraries. Gradle version of Maven's Shade plugin.
http://imperceptiblethoughts.com/shadow/
Apache License 2.0
3.58k stars 386 forks source link

How can i upgrade the jackson-databin jar version that included in the shade jar htrace-core4 #914

Open Eason897 opened 1 month ago

Eason897 commented 1 month ago

Please check the User Guide before submitting "how do I do 'x'?" questions!

Shadow Version

4.0.0

Gradle Version

4.10.3

Expected Behavior:

I want to upgrade the jackson databin version in the htrace-core4:4.1.0-incubating jar package, which is an uber jar. The renamed jackson databin version is 2.4.0, which contains a high-risk vulnerability. For example, CVE-2017-17485.I want to upgrade the jackson databin to version 2.15.2.

Actual Behavior

I don't know how to do it

Gradle Build Script(s)

Content of Shadow JAR (jar tf <jar file> - post link to GIST if too long)

Eason897 commented 1 month ago

20240404-155640

Eason897 commented 1 month ago

maven can handle like this: 20240404-161003