Comments (6)
@woess that should solve the CVE warning, all the tools check the artifact names
from graal.
To me its weird that they do not use group ids as well to identify artefacts. Artefact names seem quite conflict prone.
from graal.
Besides the potential name conflict in 25 years, and the hiding of the real version this triggers CVE checks:
I agree. I do not know why we decided to use the same artefact name here. We shouldn't have.
@woess Any opinion on changing that?
The size difference is probably missing compression. But I'd need to double check that.
@woess does our shading support compression?
from graal.
@chumer happy to change that, if it solves potential name conflicts. Unfortunately, we'll need to change the artifactId
for that.
does our shading support compression?
none of our deployed jars are compressed currently, and shaded jars aren't handled differently. But we can change that for icu4j.
from graal.
@d-schmidt if we changed the name of icu4j-23.1.2.jar
to e.g. truffle-icu4j-23.1.2.jar
, would that solve the issue or still trigger CVEs?
from graal.
I assume some tools check the released production jar or in one case even the docker image where we only have the artifacts. There are no poms anymore.
from graal.
Related Issues (20)
- [GR-51474] GraalVM for JDK 22 with JDK 22+31 fails the native-image generator (undefined reference to `Java_java_lang_VirtualThread_notifyJvmtiDisableSuspend') HOT 17
- [GR-51641] Compilation execution fails at the last step, Error: Id: Undefined symbols, _Java_java_lang_VirtualThread_notifyJvmtiEnd HOT 17
- cannot install scipy with graalpy-23.1.2-macos-aarch64.tar.gz HOT 6
- InternalResourceCache is hard-coded to 'user.home'. Overriding the path fails in tests. HOT 7
- Error reading tcl file - Cannot read resource "/tcl/lang/library/init.tcl" HOT 1
- Make graalnodejs-community available in `nvm-sh/nvm` and `coreybutler/nvm-windows`
- [GR-51307] Unable to collect GC data with NotificationEmitter in native build HOT 10
- orai18n dependency causes native application startup failure - Missing character set id 560 HOT 11
- UnsatisfiedLinkError: No awt in java.library.path HOT 6
- Determine the locale of Native Image executables at run-time
- [GR-51862] Native image build fails when using quarkus and protobuf HOT 5
- Native image service unable to compress image HOT 1
- Warning caused by Truffle and Polyglot HOT 4
- GraalVM native with kotlin issue HOT 3
- A way to limit instructions per execution (mainly for wasm) HOT 3
- [GR-51934] MacOS UnsatisfiedLinkError: sun.security.krb5.SCDynamicStoreConfig.getKerberosConfig HOT 1
- [GR-52221] Allow native-image-plugin to use a docker image as executable HOT 2
- maven java app fail with 'Error: No main manifest attribute' HOT 2
- [GR-52220] Support for Cosmopolitan Libc HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graal.