Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove dangling netty dependency management #4023

Merged
merged 1 commit into from
Oct 5, 2023
Merged

Remove dangling netty dependency management #4023

merged 1 commit into from
Oct 5, 2023

Conversation

li-boxuan
Copy link
Member

We have a very old version of io.netty:netty dependency in our dependency management that is not being used anyways. This commit removes this dependency management so that dependabot does not report it as security vulnerability.

Thank you for contributing to JanusGraph!

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

  • Is there an issue associated with this PR? Is it referenced in the commit message?
  • Does your PR body contain #xyz where xyz is the issue number you are trying to resolve?
  • Has your PR been rebased against the latest commit within the target branch (typically master)?
  • Is your initial contribution a single, squashed commit?

For code changes:

  • Have you written and/or updated unit tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE.txt file, including the main LICENSE.txt file in the root of this repository?
  • If applicable, have you updated the NOTICE.txt file, including the main NOTICE.txt file found in the root of this repository?

For documentation related changes:

  • Have you ensured that format looks appropriate for the output in which it is rendered?

@li-boxuan
Remove dangling netty dependency management
471bf38 
We have a very old version of io.netty:netty dependency in our dependency management that
is not being used anyways. This commit removes this dependency management so that dependabot
does not report it as security vulnerability.

Signed-off-by: Boxuan Li <liboxuan@connect.hku.hk>
@janusgraph-bot janusgraph-bot added the cla: external Externally-managed CLA label Oct 4, 2023
@li-boxuan li-boxuan added dependencies Pull requests that update a dependency file backport/v0.6 labels Oct 4, 2023
@li-boxuan li-boxuan added this to the Release v1.0.0 milestone Oct 5, 2023
@li-boxuan li-boxuan merged commit 4685531 into JanusGraph:master Oct 5, 2023
106 checks passed
@li-boxuan li-boxuan deleted the fix-netty-dependency-version branch October 5, 2023 02:59
@janusgraph-automations janusgraph-automations mentioned this pull request Oct 5, 2023
Merged
@janusgraph-automations
Copy link

💚 All backports created successfully

Status Branch Result
v0.6

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

@janusgraph-automations janusgraph-automations mentioned this pull request Oct 5, 2023
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FlorianHockmann FlorianHockmann FlorianHockmann approved these changes

Assignees
No one assigned
Labels
backport/v0.6 cla: external Externally-managed CLA dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
Release v1.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@li-boxuan @janusgraph-automations @FlorianHockmann @janusgraph-bot