Let's say I'm using a framework with netty and/or jetty, but with a netty version with a security vulnerability.
I tried:
    configurations.all {
        Action<Configuration> {
            val conf = this@Action
            dependencies {
                add(conf, ".eclipse.jetty:jetty-http:12.0.12") {
                    because("some vuln")
                }
            }
        }
    }
This does not work:
    $ gw dependencies | grep .eclipse.jetty:jetty-http
    | | +--- .eclipse.jetty:jetty-http:11.0.20 (c)
    | | +--- .eclipse.jetty:jetty-http:11.0.20
    | | +--- .eclipse.jetty:jetty-http:11.0.20 (*)
    | | | +--- .eclipse.jetty:jetty-http:11.0.20 (*)
    # ...
Then I think I want to bump the whole netty/jetty group, as I suppose it would be better than bumping the single vuln dependency and having an inconsistent group. And this I fail completely.
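One way to pin a whole transitive group with a resolution rule, shown as an added example that is not part of the original question. It assumes a `build.gradle.kts` with the `java` or `java-library` plugin applied and the real Maven group `org.eclipse.jetty`; the name `pinnedGroups` is hypothetical.

```kotlin
// build.gradle.kts (added example; assumes the java or java-library plugin)

// Group -> patched version. 12.0.12 is the version from the question;
// add "io.netty" with its patched version the same way.
val pinnedGroups = mapOf(
    "org.eclipse.jetty" to "12.0.12",
)

configurations.all {
    resolutionStrategy.eachDependency {
        // Exact group match, so sibling groups (for example
        // org.eclipse.jetty.websocket) are left alone unless listed.
        // A major-version jump only resolves if every requested module
        // of the group was actually published at the new version.
        pinnedGroups[requested.group]?.let { fixed ->
            useVersion(fixed)
            because("some vuln: keep the whole ${requested.group} group on $fixed")
        }
    }
}

dependencies {
    // Alternative for a single module: a constraint only takes part in
    // version conflict resolution and adds no new dependency edge.
    constraints {
        implementation("org.eclipse.jetty:jetty-http:12.0.12") {
            because("some vuln")
        }
    }
}
```

Running `gradle dependencyInsight --dependency jetty-http --configuration runtimeClasspath` afterwards shows which version was selected and the `because` reason attached to it.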
Tags: gradle, Bump transitive dependency group version, Stack Overflow