hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tamas Penzes (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-18304) Start enforcing upperbounds on dependencies
Date Mon, 31 Jul 2017 12:37:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-18304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107251#comment-16107251
] 

Tamas Penzes commented on HBASE-18304:
--------------------------------------

Hi [~mdrob],

We do have other dependencies which have conflicts.
* org.slf4j:slf4j-log4j12
* com.google.guava:guava
* com.thoughtworks.paranamer:paranamer
* commons-net:commons-net
* net.java.dev.jets3t:jets3t
* org.scala-lang:scala-library
* org.scala-lang:scala-reflect
* io.netty:netty

Should I exclude all of them from the check (just like protobuf) or fix the issues by updating
minor/build versions?
Or should I exclude them now and update the versions/re-include them in a separate ticket?

None of them need a major version update, so they should not cause problems, but I cannot
guarantee.

scala version from 2.10.4 to 2.10.5 (doesn't look risky)
netty.hadoop.version from 3.6.2.Final to 3.8.0.Final (might be risky)

Some dependencies are only transitive at the moment, but the conflicts can be solved by adding
them as provided dependencies with the following versions numbers:
paranamer.version -> 2.6
guava.version -> 14.0.1
jets3t.version -> 0.9.0
commons-net.version -> 3.1

It is also possible to exclude these dependencies with the older version from the tree and
only keep the newest ones, but it would be harder to maintain.

The enforcer plugin must also be updated to a newer version to handle excludes:
maven-enforcer-plugin.version -> 3.0.0-M1

Regards, Tamaas

> Start enforcing upperbounds on dependencies
> -------------------------------------------
>
>                 Key: HBASE-18304
>                 URL: https://issues.apache.org/jira/browse/HBASE-18304
>             Project: HBase
>          Issue Type: Task
>          Components: build, dependencies
>    Affects Versions: 2.0.0
>            Reporter: Sean Busbey
>            Assignee: Tamas Penzes
>              Labels: beginner
>             Fix For: 2.0.0
>
>         Attachments: HBASE-18304.master.001.patch
>
>
> would be nice to get this going before our next major version.
> http://maven.apache.org/enforcer/enforcer-rules/requireUpperBoundDeps.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message