Uploaded image for project: 'Velocity'
  1. Velocity
  2. VELOCITY-970

velocity-engine-core contains commons-io Maven descriptor

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.3
    • 2.4, 2.4.1, 2.4.2
    • Engine
    • None

    Description

      commons-io is embedded in velocity-engine-core, which is OK from Java point of view since its package is renamed (not causing any dependency problems).

      The problem is that it contains the commons-io Maven descriptors at the standard location (/META-INF/maven/commons-io/commons-io/), which is a problem when you analyze JAR files to find what's in it because it ends up being identified as a JAR exposing commons-io (which is not the case since it's weaved).

      Honestly, it feels very strange to embed commons-io in the first place given that commons-lang for example is a transitive dependency, so I feel like the simplest would just be to remove all the plumbing to embed and weave commons-io and simply keep it as a regular transitive dependency.

      Attachments

        Issue Links

          is fixed by

          Task - A task that needs to be done. VELOCITY-972 Remove Commons IO

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #37

          Activity

            People

              michael-o Michael Osipov
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: