ClickHouse/clickhouse-java

Cleanup dependencies

chernser opened this issue · 0 comments

Describe the bug

There are some confusing dependencies. For example, clickhouse-jdbc (https://mvnrepository.com/artifact/com.clickhouse/clickhouse-jdbc) has:

  • com.clickhouse » org.apache.commons.compress 1.9.2
  • com.clickhouse » io.grpc 1.9.2
  • com.clickhouse » org.roaringbitmap 1.9.2

What confuses:

  • version.
  • org.apache.commons.compress - this package had vulnerabilities in early versions