Let's say I am using a framework with netty and/or jetty, but with a netty version with a security vulnerability.

I tried:

configurations.all {   
    Action<Configuration> {
        val conf = this@Action
        dependencies {
            add(conf, ".eclipse.jetty:jetty-http:12.0.12") {
                because("some vuln")
            }
        }
    }
}

This does not work:

$ gw dependencies | grep .eclipse.jetty:jetty-http

|    |    +--- .eclipse.jetty:jetty-http:11.0.20 (c)
|    |    +--- .eclipse.jetty:jetty-http:11.0.20
|    |    +--- .eclipse.jetty:jetty-http:11.0.20 (*)
|    |    |    +--- .eclipse.jetty:jetty-http:11.0.20 (*)
# ...

Then I think I want to bump the whole netty/jetty group, as I suppose it would be better than bumping the single vuln dependency and having an inconsistent group. And this I fail completely.
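One way to move every module of one group, direct or transitive, to a single version and then check the result, as an added example that is not part of the original post. It assumes the group shown truncated on this page as `.eclipse.jetty` is `org.eclipse.jetty` and that the `java` plugin supplies `runtimeClasspath`; `verifyJettyAligned` is a hypothetical task name.

```kotlin
// build.gradle.kts (added example; not code from the original post)
// Assumption: ".eclipse.jetty" on this page stands for "org.eclipse.jetty".
val jettyGroup = "org.eclipse.jetty"
val jettyVersion = "12.0.12" // version taken from the post

configurations.configureEach {
    resolutionStrategy.eachDependency {
        // Runs for every requested module in the graph, so transitive
        // requests for the group are rewritten too, not just direct ones.
        // Exact group match only: sibling groups may version independently.
        if (requested.group == jettyGroup) {
            useVersion(jettyVersion)
            because("some vuln: keep all of $jettyGroup on $jettyVersion")
        }
    }
}

// Hypothetical verification task: fails the build if any resolved module
// of the group ended up on a different version than the one pinned above.
tasks.register("verifyJettyAligned") {
    doLast {
        val stray = configurations["runtimeClasspath"]
            .incoming.resolutionResult.allComponents
            .mapNotNull { it.moduleVersion }
            .filter { it.group == jettyGroup && it.version != jettyVersion }
        check(stray.isEmpty()) {
            "Modules of $jettyGroup not on $jettyVersion: $stray"
        }
    }
}
```

With the rule in place, the dependency report marks rewritten entries as `11.0.20 -> 12.0.12`. Resolution fails for any module of the group that has no release at the pinned version, which shows whether the group can be moved as a whole.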

Tags: gradle, Bump transitive dependency group version, Stack Overflow