Cleanup dependencies
chernser opened this issue · 0 comments
chernser commented
Describe the bug
There are some confusing dependencies. For example, clickhouse-jdbc
(https://mvnrepository.com/artifact/com.clickhouse/clickhouse-jdbc) has:
- com.clickhouse » org.apache.commons.compress, version 1.9.2
- com.clickhouse » io.grpc, version 1.9.2
- com.clickhouse » org.roaringbitmap, version 1.9.2
What is confusing:
- version.
- org.apache.commons.compress - this package had vulnerabilities in early versions