Skip to content

Commit 11b5809

Browse files
PhongChuongPhongChuong
authored
deps: exclude io.netty:netty-common from org.apache.arrow:arrow-memor… (#3715)
* deps: exclude io.netty:netty-common from org.apache.arrow:arrow-memory-netty * use dep version override instead of exclusion * use dep version override instead of exclusion * ignoredUnusedDeclaredDependencies
1 parent 9eb555f commit 11b5809

File tree

2 files changed

+33
-0
lines changed

2 files changed

+33
-0
lines changed

google-cloud-bigquery/pom.xml

+31
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
</parent>
1616
<properties>
1717
<site.installationModule>google-cloud-bigquery</site.installationModule>
18+
<netty.version>4.1.118.Final</netty.version>
1819
</properties>
1920
<dependencies>
2021
<dependency>
@@ -116,6 +117,36 @@
116117
<dependency>
117118
<groupId>org.apache.arrow</groupId>
118119
<artifactId>arrow-memory-netty</artifactId>
120+
<!--
121+
Due to JDK8 requirement, we are forced to use arrow version below v18
122+
which has io.netty:netty-common a dep. and its vulnerabilities
123+
-->
124+
<exclusions>
125+
<exclusion>
126+
<groupId>io.netty</groupId>
127+
<artifactId>netty-common</artifactId>
128+
</exclusion>
129+
<exclusion>
130+
<groupId>io.netty</groupId>
131+
<artifactId>netty-buffer</artifactId>
132+
</exclusion>
133+
</exclusions>
134+
<scope>runtime</scope>
135+
</dependency>
136+
<!--
137+
Define io.netty versions to override org.apache.arrow:arrow-memory-netty
138+
transitive dependency versions which contains vulnerabilities.
139+
-->
140+
<dependency>
141+
<groupId>io.netty</groupId>
142+
<artifactId>netty-common</artifactId>
143+
<version>${netty.version}</version>
144+
<scope>runtime</scope>
145+
</dependency>
146+
<dependency>
147+
<groupId>io.netty</groupId>
148+
<artifactId>netty-buffer</artifactId>
149+
<version>${netty.version}</version>
119150
<scope>runtime</scope>
120151
</dependency>
121152

pom.xml

+2
Original file line numberDiff line numberDiff line change
@@ -168,6 +168,8 @@
168168
<artifactId>maven-dependency-plugin</artifactId>
169169
<configuration>
170170
<ignoredUnusedDeclaredDependencies>
171+
<ignoredUnusedDeclaredDependency>io.netty:netty-buffer</ignoredUnusedDeclaredDependency>
172+
<ignoredUnusedDeclaredDependency>io.netty:netty-common</ignoredUnusedDeclaredDependency>
171173
<ignoredUnusedDeclaredDependency>org.apache.arrow:arrow-memory-netty</ignoredUnusedDeclaredDependency>
172174
</ignoredUnusedDeclaredDependencies>
173175
</configuration>

0 commit comments

Comments
 (0)