[NO-SNOW] Exclude vulnerable transitive deps from snowflake-jdbc-thin (#1148)

sfc-gh-ggeng · claude · web-flow · commit 248a4f7ecbce · 2026-04-14T14:50:07.000-07:00
* Fix dependency issues: add hamcrest-core, exclude JDBC vulnerabilities - Add hamcrest-core:1.3 as explicit test dependency (used by ported tests: RestRequestTest, JdbcHttpUtilTest, SnowflakeConnectStringTest, SecretDetectorTest) - Exclude vulnerable transitive deps from snowflake-jdbc-thin in both main pom and e2e-jar-test pom: - grpc-netty-shaded (CVE-2025-55163, CVSS 8.7) - commons-lang3 (CVE-2025-48924, CVSS 8.8) - javax.servlet-api (license: CDDL-1.1/GPL-2.0) - javax.annotation-api (license: CDDL-1.1/GPL-2.0) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Trigger CI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Update copyright year to 2026 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/pom.xml b/pom.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2024-2025 Snowflake Computing Inc. All rights reserved.
+  ~ Copyright (c) 2024-2026 Snowflake Computing Inc. All rights reserved.
   -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
