[jira] [Work logged] (HADOOP-18224) Upgrade maven compiler plugin to 3.10.1

Tue, 17 May 2022 10:34:21 -0700 


     [ 
https://issues.apache.org/jira/browse/HADOOP-18224?focusedWorklogId=771486&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-771486
 ]

ASF GitHub Bot logged work on HADOOP-18224:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 17/May/22 17:33
            Start Date: 17/May/22 17:33
    Worklog Time Spent: 10m 
      Work Description: aajisaka commented on PR #4267:
URL: https://github.com/apache/hadoop/pull/4267#issuecomment-1129136477

   > package-info.class exclusion on this PR is required for compiler plugin 
upgrade.
   
   There are multiple different package-info.java using the same package.
   ```
   find . -name "package-info.java" | xargs grep "package 
org.apache.hadoop.yarn.server.metrics"
   
./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/metrics/package-info.java:package
 org.apache.hadoop.yarn.server.metrics;
   
./hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/java/org/apache/hadoop/yarn/server/metrics/package-info.java:package
 org.apache.hadoop.yarn.server.metrics;
   ```
   ```
   find . -name "package-info.java" | xargs grep "package 
org.apache.hadoop.hdfs.protocolPB"
   
./hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/protocolPB/package-info.java:package
 org.apache.hadoop.hdfs.protocolPB;
   
./hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/package-info.java:package
 org.apache.hadoop.hdfs.protocolPB;
   
./hadoop-hdfs-project/hadoop-hdfs-rbf/src/main/java/org/apache/hadoop/hdfs/protocolPB/package-info.java:package
 org.apache.hadoop.hdfs.protocolPB;
   ```
   How about removing some the files and make sure there is only one 
package-info.java for each package?




Issue Time Tracking
-------------------

    Worklog Id:     (was: 771486)
    Time Spent: 5h 10m  (was: 5h)

> Upgrade maven compiler plugin to 3.10.1
> ---------------------------------------
>
>                 Key: HADOOP-18224
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18224
>             Project: Hadoop Common
>          Issue Type: Task
>            Reporter: Viraj Jasani
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 5h 10m
>  Remaining Estimate: 0h
>
> Currently we are using maven-compiler-plugin 3.1 version, which is quite old 
> (2013) and it's also pulling in vulnerable log4j dependency:
> {code:java}
> [INFO]    
> org.apache.maven.plugins:maven-compiler-plugin:maven-plugin:3.1:runtime
> [INFO]       org.apache.maven.plugins:maven-compiler-plugin:jar:3.1
> [INFO]       org.apache.maven:maven-plugin-api:jar:2.0.9
> [INFO]       org.apache.maven:maven-artifact:jar:2.0.9
> [INFO]       org.codehaus.plexus:plexus-utils:jar:1.5.1
> [INFO]       org.apache.maven:maven-core:jar:2.0.9
> [INFO]       org.apache.maven:maven-settings:jar:2.0.9
> [INFO]       org.apache.maven:maven-plugin-parameter-documenter:jar:2.0.9
> ...
> ...
> ...
> [INFO]       log4j:log4j:jar:1.2.12
> [INFO]       commons-logging:commons-logging-api:jar:1.1
> [INFO]       com.google.collections:google-collections:jar:1.0
> [INFO]       junit:junit:jar:3.8.2
>  {code}
>  
> We should upgrade to 3.10.1 (latest Mar, 2022) version of 
> maven-compiler-plugin.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to