Details
-
Task
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
3.4.5, 3.7.2
-
None
-
Novice
Description
When using the component 'camel-xstream' the dependency for junit-vintage-engine and with that Junit 4.13 comes along.
This seems to be caused because the dependency for junit-vintage-engine isn't set to the scope test (like the other test dependencies).
Given that test dependencies shouldn't be in production builds (and junit 4.13 contains a vulnerability (see ossindex.sonatype.org)), please set the scope to test.
Attachments
Issue Links
- links to