Remove non-supported dependency
dzahariev opened this issue · 0 comments
dzahariev commented
The https://github.com/ronmamo/reflections seem to not be maintained for more than a year.
The fork: https://github.com/aschoerk/reflections8 provides the same functionality, but removes dependency to Guava in flavour to Java 8 Streams APIs.
Currently Guava 20.0 have 2 security issues CVE-2018-10237 and CVE-2020-8908 that will be gone after this adoption.
The adoption seem to be pretty straightforward - dependency is changed to:
<dependency>
<groupId>net.oneandone.reflections8</groupId>
<artifactId>reflections8</artifactId>
<version>0.11.5</version>
</dependency>
And imports of packages org.reflections.* are renamed to org.reflections8.*.
The tests pass without issues after that:
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] odata-jpa .......................................... SUCCESS [ 0.590 s]
[INFO] odata-jpa-annotation ............................... SUCCESS [ 1.078 s]
[INFO] odata-jpa-test ..................................... SUCCESS [ 6.157 s]
[INFO] odata-jpa-metadata ................................. SUCCESS [ 12.096 s]
[INFO] odata-jpa-processor ................................ SUCCESS [ 26.294 s]
[INFO] odata-jpa-coverage ................................. SUCCESS [ 1.638 s]
[INFO] odata-jpa-spring-support ........................... SUCCESS [ 0.027 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 47.988 s
[INFO] Finished at: 2021-04-15T20:33:18+03:00
[INFO] Final Memory: 31M/128M
[INFO] ------------------------------------------------------------------------