[英]Exclude httpclient dependency from plugin in pom.xml
Using Spring Boot 2.4.4 Version and Maven for dependency management.使用 Spring Boot 2.4.4 版本和 Maven 进行依赖管理。
We are using Twistlock for container security purposes and we could able to see the vulnerabilities listed for the "httpclient".我们将 Twistlock 用于容器安全目的,我们可以看到为“httpclient”列出的漏洞。
Generally, We will exclude and update the latest version of dependencies if any issues faced in the dependencies mentioned in the tag in pom.xml一般情况下,如果 pom.xml 标签中提到的依赖项出现问题,我们会排除并更新最新版本的依赖项
Moreover, this "httpclient" is not listed in the "Dependency Hierarchy" of the POM.xml file in STS IDE too.此外,此“httpclient”也未列在 STS IDE 中的 POM.xml 文件的“依赖层次结构”中。
maven-resources-plugin, spring-boot-maven-plugin, jacoco-maven-plugin, maven-surefire-plugin. maven-resources-plugin、spring-boot-maven-plugin、jacoco-maven-plugin、maven-surefire-plugin。
We suspect that this "httpclient" may be loaded from any of the plugins listed above because of the URL "plugin/release..."由于 URL “plugin/release...”,我们怀疑这个“httpclient”可能是从上面列出的任何插件加载的
We tried to look at the pom.xml and "Dependency Hierarchy" of the above plugin for the "httpclient" dependency but no luck.我们尝试查看上述插件的 pom.xml 和“依赖层次结构”以获取“httpclient”依赖项,但没有运气。
Could someone share some input here?有人可以在这里分享一些意见吗?
You can add below plugin to pom.xml to list dependencies from other plugins.您可以将以下插件添加到 pom.xml 以列出来自其他插件的依赖项。 Once added, the dependency tree now will show what you are looking for.
添加后,依赖关系树现在将显示您要查找的内容。
<build>
<plugins>
<plugin>
<artifactId>maven-dependency-plugin</artifactId>
<configuration>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
Once added..一旦添加..
mvn dependency:tree -Dverbose -Dincludes=org.apache.httpcomponents:httpclient
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.