This is an automated email from the ASF dual-hosted git repository.
karan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 5fc59b01e74 Update some dependencies and enable
enforcer/requireUpperBoundDeps (#18990)
5fc59b01e74 is described below
commit 5fc59b01e7493571ea745deeb30b3eae6fae1347
Author: Zoltan Haindrich <[email protected]>
AuthorDate: Mon Feb 9 14:15:56 2026 +0100
Update some dependencies and enable enforcer/requireUpperBoundDeps (#18990)
* some updates
* update
* try-it-anyway
* up-until-services
* up-until-services
* up-it
* ok
* add lot of excludes
* change bb
* updates
* undo fastutil upgrade
* dont upgrade zst
* undo-errorprone
* exclude errorprone
---
extensions-contrib/compressed-bigdecimal/pom.xml | 1 -
extensions-core/orc-extensions/pom.xml | 4 ++
integration-tests-ex/tools/pom.xml | 3 +
licenses.yaml | 20 ++++--
pom.xml | 87 ++++++++++++++++++++----
5 files changed, 94 insertions(+), 21 deletions(-)
diff --git a/extensions-contrib/compressed-bigdecimal/pom.xml
b/extensions-contrib/compressed-bigdecimal/pom.xml
index 2d40ef69037..c42d38415a6 100644
--- a/extensions-contrib/compressed-bigdecimal/pom.xml
+++ b/extensions-contrib/compressed-bigdecimal/pom.xml
@@ -138,7 +138,6 @@
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
- <version>2.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/extensions-core/orc-extensions/pom.xml
b/extensions-core/orc-extensions/pom.xml
index 9573e653a01..9a2b55427bb 100644
--- a/extensions-core/orc-extensions/pom.xml
+++ b/extensions-core/orc-extensions/pom.xml
@@ -146,6 +146,10 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.jetbrains</groupId>
+ <artifactId>annotations</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
diff --git a/integration-tests-ex/tools/pom.xml
b/integration-tests-ex/tools/pom.xml
index 1861a1bd910..503b1dfd435 100644
--- a/integration-tests-ex/tools/pom.xml
+++ b/integration-tests-ex/tools/pom.xml
@@ -23,6 +23,9 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
<modelVersion>4.0.0</modelVersion>
+ <properties>
+ <enforcer.skip>true</enforcer.skip>
+ </properties>
<groupId>org.apache.druid.integration-tests</groupId>
<artifactId>druid-it-tools</artifactId>
<name>druid-it-tools</name>
diff --git a/licenses.yaml b/licenses.yaml
index 11be1110ac5..8cf40efbc6b 100644
--- a/licenses.yaml
+++ b/licenses.yaml
@@ -498,7 +498,7 @@ name: Apache Commons Codec
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 1.16.1
+version: 1.17.1
libraries:
- commons-codec: commons-codec
notices:
@@ -653,7 +653,7 @@ name: Apache Commons DBCP
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 2.0.1
+version: 2.11.0
libraries:
- org.apache.commons: commons-dbcp2
notices:
@@ -702,7 +702,7 @@ name: Apache Commons Pool
license_category: binary
module: java-core
license_name: Apache License version 2.0
-version: 2.2
+version: 2.12.0
libraries:
- org.apache.commons: commons-pool2
notices:
@@ -2977,6 +2977,16 @@ libraries:
---
+name: jakarta.transaction
+version: 1.3.3
+license_category: binary
+module: java-core
+license_name: Eclipse Public License 2.0
+libraries:
+ - jakarta.transaction: jakarta.transaction-api
+
+---
+
name: javax.ws.rs-api
version: 2.1.1
license_category: binary
@@ -3400,7 +3410,7 @@ name: SLF4J API
license_category: binary
module: java-core
license_name: MIT License
-version: 2.0.16
+version: 2.0.17
copyright: QOS.ch
license_file_path: licenses/bin/slf4j.MIT
libraries:
@@ -5132,7 +5142,7 @@ name: Docker Java
license_category: binary
module: extensions-core/druid-testcontainers
license_name: Apache License version 2.0
-version: 3.6.0
+version: 3.7.0
libraries:
- com.github.docker-java: docker-java-api
- com.github.docker-java: docker-java-transport
diff --git a/pom.xml b/pom.xml
index c0c6da2e505..e6a9f9522f3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -79,10 +79,12 @@
<!-- when updating apache ranger, verify the usage of aws-bundle-sdk
vs aws-logs-sdk
and update as needed in extensions-core/druid-ranger-security/pm.xml
-->
<apache.ranger.version>2.7.0</apache.ranger.version>
+ <antlr4.version>4.5.3</antlr4.version>
<gson.version>2.12.0</gson.version>
<scala.library.version>2.13.14</scala.library.version>
<avatica.version>1.27.0</avatica.version>
<avro.version>1.11.4</avro.version>
+ <bytebuddy.version>1.17.7</bytebuddy.version>
<!--
The base calcite parser was copied into the project; when updating
Calcite run dev/upgrade-calcite-parser to adopt upstream changes
-->
@@ -111,7 +113,7 @@
<postgresql.version>42.7.2</postgresql.version>
<protobuf.version>3.25.8</protobuf.version>
<resilience4j.version>1.3.1</resilience4j.version>
- <slf4j.version>2.0.16</slf4j.version>
+ <slf4j.version>2.0.17</slf4j.version>
<jna.version>5.18.1</jna.version>
<jna-platform.version>5.18.1</jna-platform.version>
<hadoop.compile.version>3.3.6</hadoop.compile.version>
@@ -119,7 +121,7 @@
<mockito.version>5.14.2</mockito.version>
<aws.sdk.version>1.12.784</aws.sdk.version>
<caffeine.version>2.8.0</caffeine.version>
- <jacoco.version>0.8.12</jacoco.version>
+ <jacoco.version>0.8.14</jacoco.version>
<testcontainers.version>2.0.3</testcontainers.version>
<hibernate-validator.version>6.2.5.Final</hibernate-validator.version>
<httpclient.version>4.5.13</httpclient.version>
@@ -315,7 +317,7 @@
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
- <version>1.16.1</version>
+ <version>1.17.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
@@ -411,6 +413,11 @@
<artifactId>kotlin-stdlib</artifactId>
<version>1.9.25</version>
</dependency>
+ <dependency>
+ <groupId>org.jetbrains</groupId>
+ <artifactId>annotations</artifactId>
+ <version>26.0.2</version>
+ </dependency>
<!-- Transitive dependency of kubernetes-client-java in
kubernetes-extension,
schema-repo in avro-extensions, and com.google.caliper:caliper in
druid-server
and direct dependency of druid-ranger
@@ -880,12 +887,12 @@
<dependency>
<groupId>org.antlr</groupId>
<artifactId>antlr4-runtime</artifactId>
- <version>4.5.3</version>
+ <version>${antlr4.version}</version>
</dependency>
<dependency>
<groupId>org.antlr</groupId>
<artifactId>antlr4-coordinator</artifactId>
- <version>4.5.3</version>
+ <version>${antlr4.version}</version>
</dependency>
<dependency>
<groupId>commons-cli</groupId>
@@ -895,7 +902,7 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-dbcp2</artifactId>
- <version>2.0.1</version>
+ <version>2.11.0</version>
</dependency>
<!-- this is relocated to at.yawk.lz4, but license checker script
(the one that uses licenses.yaml)
complains about stuff (our dependencies) using org.lz4 package,
so put this here even though our own
@@ -1181,7 +1188,7 @@
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java-bom</artifactId>
- <version>3.6.0</version>
+ <version>3.7.0</version>
<scope>import</scope>
<type>pom</type>
</dependency>
@@ -1226,13 +1233,16 @@
<artifactId>assertj-core</artifactId>
<version>3.27.7</version>
<scope>test</scope>
- <exclusions>
- <!-- exclude older byte-buddy until assertj-core depends on
1.14+ for Java 21 -->
- <exclusion>
- <groupId>net.bytebuddy</groupId>
- <artifactId>byte-buddy</artifactId>
- </exclusion>
- </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>net.bytebuddy</groupId>
+ <artifactId>byte-buddy</artifactId>
+ <version>${bytebuddy.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>net.bytebuddy</groupId>
+ <artifactId>byte-buddy-agent</artifactId>
+ <version>${bytebuddy.version}</version>
</dependency>
<dependency>
<groupId>com.ircclouds.irc</groupId>
@@ -1736,6 +1746,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.6.2</version>
<executions>
<execution>
<id>default-cli</id>
@@ -1762,6 +1773,52 @@
<exclude>org.eclipse.jetty.toolchain:jetty-servlet-api</exclude>
</excludes>
</bannedDependencies>
+ <requireUpperBoundDeps>
+ <excludes>
+ <!-- upgrading these later -->
+
<exclude>org.apache.zookeeper:zookeeper</exclude>
+
<exclude>com.google.guava:guava</exclude>
+
<exclude>org.apache.commons:commons-collections4</exclude>
+
<exclude>com.github.ben-manes.caffeine:caffeine</exclude>
+
<exclude>com.fasterxml.jackson.core:jackson-annotations</exclude>
+
<exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
+
<exclude>com.fasterxml.jackson.core:jackson-core</exclude>
+
<exclude>com.fasterxml.jackson.datatype:jackson-datatype-jsr310</exclude>
+
<exclude>com.fasterxml.jackson.dataformat:jackson-dataformat-yaml</exclude>
+
<exclude>jakarta.activation:jakarta.activation-api</exclude>
+
<exclude>com.google.inject.extensions:guice-assistedinject</exclude>
+
<exclude>com.fasterxml.jackson.module:jackson-module-guice</exclude>
+
<exclude>com.google.inject:guice</exclude>
+ <exclude>redis.clients:jedis</exclude>
+
<exclude>org.reflections:reflections</exclude>
+
<exclude>org.roaringbitmap:RoaringBitmap</exclude>
+
<exclude>io.airlift:aircompressor</exclude>
+
<exclude>com.squareup.okio:okio</exclude>
+
<exclude>org.apache.httpcomponents.client5:httpclient5</exclude>
+
<exclude>com.sun.activation:jakarta.activation</exclude>
+
<exclude>org.apache.commons:commons-compress</exclude>
+ <exclude>org.yaml:snakeyaml</exclude>
+
<exclude>io.netty:netty-transport-native-kqueue</exclude>
+
<exclude>io.netty:netty-transport-native-epoll</exclude>
+
<exclude>io.netty:netty-handler-proxy</exclude>
+
<exclude>io.netty:netty-handler</exclude>
+
<exclude>com.google.http-client:google-http-client-jackson2</exclude>
+
<exclude>com.google.http-client:google-http-client</exclude>
+
<exclude>com.google.api.grpc:proto-google-common-protos</exclude>
+ <exclude>commons-io:commons-io</exclude>
+
<exclude>com.github.luben:zstd-jni</exclude>
+
<exclude>org.scala-lang:scala-library</exclude>
+
<exclude>org.bouncycastle:bcpkix-jdk18on</exclude>
+
<exclude>org.jetbrains.kotlin:kotlin-stdlib-jdk8</exclude>
+
<exclude>io.netty:netty-codec-http</exclude>
+
<exclude>io.confluent:kafka-schema-registry-client</exclude>
+
<exclude>org.apache.kafka:kafka-clients</exclude>
+
<exclude>com.google.errorprone:error_prone_annotations</exclude>
+ </excludes>
+ <excludedScopes>
+ <excludedScope>provided</excludedScope>
+ </excludedScopes>
+ </requireUpperBoundDeps>
</rules>
<fail>true</fail>
</configuration>
@@ -1969,7 +2026,7 @@
<plugin>
<groupId>org.antlr</groupId>
<artifactId>antlr4-maven-plugin</artifactId>
- <version>4.5.3</version>
+ <version>${antlr4.version}</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
