Move constant to relevant scope #13391
Conversation
What problem is this solving? What's the impact of loading vs not loading those classes? Presumably, and unless there are resources being initialized in a static context, there should be no effect from loading the classes eagerly. |
|
Thanks @martint for taking a look. |
|
The general idea here is to be able to safely remove Rubix dependency if caching is not being used. Rubix is marked by security scanners as vulnarable to https://nvd.nist.gov/vuln/detail/CVE-2022-25647 due to it's dependency on gson. No updates that could fix that at the moment. |
|
@lukasz-walkiewicz do you have confirmation that a build with this change will pass security scan ? |
|
No, I don't but I can confirm that with this change you can safely remove Rubix jar from hive plugin directory so I think it'll pass the scan. |
|
Please rename commit title and PR title and description to |
|
This change may have the side effect of delaying loading of those classes, but that cannot be guaranteed now or ever, so it shouldn't be the main purpose of this change. It's fine as a code cleanup, though. |
lukasz-walkiewicz
force-pushed
the
lazy-rubix-loading
branch
from
26f4e8a to
166d2f2
Compare
|
Updated commit message, thanks for the review. |
|
Please do the same with PR title and description. |
lukasz-walkiewicz
changed the title
Description
Move constant to relevant scope
Improvement
Related issues, pull requests, and links
Documentation
(x) No documentation is needed.
( ) Sufficient documentation is included in this PR.
( ) Documentation PR is available with #prnumber.
( ) Documentation issue #issuenumber is filed, and can be handled later.
Release notes
(x) No release notes entries required.
( ) Release notes entries required with the following suggested text: