Hello,

The dependency update report has been working fine. However I found some
issues that I summarized in this issue.
https://issues.apache.org/jira/browse/BEAM-6524
Can Yifan or someone else that knows that area please take a look.

Regards,
Ismaël


On Thu, Jun 14, 2018 at 11:37 PM Yifan Zou <yifan...@google.com> wrote:

> Thank you Paul for letting us know this issue. We will take care of it
> when upgrading dependencies.
>
> On Thu, Jun 14, 2018 at 7:23 AM Paul Gerver <pfger...@gmail.com> wrote:
>
>> I do have one request to be added to the Java SDK version updates:
>> Beam-3831 [1]. The Google Core depends on the old org.json package which
>> ASF discourages using because of the "Use only for good, not evil" clause.
>>
>> [1] https://issues.apache.org/jira/browse/BEAM-3831
>>
>> On Thu, Jun 14, 2018 at 3:03 AM Etienne Chauchot <echauc...@apache.org>
>> wrote:
>>
>>> Thanks Yifan,
>>>
>>> This is great ! It would help us maintain Beam more easily and probably
>>> help us fixing CVE as well.
>>>
>>> Etienne
>>>
>>> Le mercredi 13 juin 2018 à 07:45 -0700, Yifan Zou a écrit :
>>>
>>> Hi,
>>>
>>>
>>> I want to follow up and explain this email.
>>>
>>>
>>> This is a sample email that reports the results of Beam SDK dependency
>>> check, which was proposed here
>>> <https://docs.google.com/document/d/1rqr_8a9NYZCgeiXpTIwWLCL7X8amPAVfRXsO72BpBwA/edit#heading=h.u75g8bk11ngp>.
>>> The goal is finding updates for all Beam Python & Java SDKs' dependencies
>>> and prioritize them. The job will be auto triggered in Jenkins once a week
>>> and generate a report. The report lists the high priority updates base on
>>> the following criteria:
>>>
>>>
>>> The dependency update is high priority if:
>>>
>>> 1. It has major versions update available;
>>>
>>>       e.g. org.assertj:assertj-core 2.5.0 -> 3.10.0
>>>
>>>  2. or, it is over 3 minor versions behind the latest version;
>>>
>>>       e.g. org.tukaani:xz 1.5 -> 1.8
>>>
>>> 3. or, the current version is behind the later version for over 180 days.
>>>
>>>
>>>       e.g. com.google.auto.service:auto-service 2014-10-24 -> 2017-12-11
>>>
>>>
>>> This job helps Beam contributors to determine the dependency which is
>>> far behind the latest released version. The next step would be automating
>>> filing JIRA bugs for dep updates, group dependencies and identify owners to
>>> take care of the upgrades follow Chamikara's proposal
>>> <https://docs.google.com/document/d/15m1MziZ5TNd9rh_XN0YYBJfYkt0Oj-Ou9g0KFDPL2aA/edit>
>>> .
>>>
>>>
>>> For more readings:
>>>
>>> [Proposal] Beam dependency check automation
>>> <https://docs.google.com/document/d/1rqr_8a9NYZCgeiXpTIwWLCL7X8amPAVfRXsO72BpBwA/edit#heading=h.u75g8bk11ngp>
>>>  by Yifan Zou
>>>
>>> [Proposal] Beam dependency update policy
>>> <https://docs.google.com/document/d/15m1MziZ5TNd9rh_XN0YYBJfYkt0Oj-Ou9g0KFDPL2aA/edit>
>>>  by *Chamikara Jayalath*
>>>
>>> Thank you.
>>>
>>> Yifan Zou
>>>
>>> On Wed, Jun 13, 2018 at 7:41 AM Apache Jenkins Server <
>>> jenk...@builds.apache.org> wrote:
>>>
>>> High Priority Dependency Updates Of Beam Python SDK:
>>> *Dependency Name* *Current Version* *Later Version* *Current Version
>>> Release Date* *Later Version Release Date*
>>> google-cloud-bigquery 0.25.0 1.3.0 2017-06-26 2018-06-08
>>> httplib2 0.9.2 0.11.3 2015-09-28 2018-03-30 High Priority Dependency
>>> Updates Of Beam Java SDK:
>>> *Dependency Name* *Current Version* *Later Version* *Current Version
>>> Release Date* *Later Version Release Date*
>>> org.assertj:assertj-core 2.5.0 3.10.0 2016-07-03 2018-05-11
>>> com.google.auto.service:auto-service 1.0-rc2 1.0-rc4 2014-10-24
>>> 2017-12-11
>>> biz.aQute:bndlib 1.43.0 2.0.0.20130123-133441 2011-04-01 2013-02-27
>>> org.apache.cassandra:cassandra-all 3.9 3.11.2 2016-09-26 2018-02-14
>>> commons-cli:commons-cli 1.2 1.4 2009-03-19 2017-03-09
>>> commons-codec:commons-codec 1.9 1.11 2013-12-20 2017-10-17
>>> org.apache.commons:commons-dbcp2 2.1.1 2.3.0 2015-08-02 2018-05-08
>>> com.typesafe:config 1.3.0 1.3.3 2015-05-08 2018-02-21
>>> de.flapdoodle.embed:de.flapdoodle.embed.mongo 1.50.1 2.0.3 2015-12-11
>>> 2018-02-14
>>> de.flapdoodle.embed:de.flapdoodle.embed.process 1.50.1 2.0.3 2015-12-11
>>> 2018-02-14
>>> org.apache.derby:derby 10.12.1.1 10.14.2.0 2015-10-10 2018-05-03
>>> org.apache.derby:derbyclient 10.12.1.1 10.14.2.0 2015-10-10 2018-05-03
>>> org.apache.derby:derbynet 10.12.1.1 10.14.2.0 2015-10-10 2018-05-03
>>> org.elasticsearch:elasticsearch 5.6.3 6.2.4 2017-10-06 2018-04-12
>>> org.elasticsearch:elasticsearch-hadoop 5.0.0 6.2.4 2016-10-26 2018-04-12
>>> org.elasticsearch.client:elasticsearch-rest-client 5.6.3 6.2.4
>>> 2017-10-06 2018-04-12
>>> com.alibaba:fastjson 1.2.12 1.2.47 2016-05-21 2018-03-15
>>> org.elasticsearch.test:framework 5.6.3 6.2.4 2017-10-06 2018-04-12
>>> org.freemarker:freemarker 2.3.25-incubating 2.3.28 2016-06-14 2018-03-30
>>> org.codehaus.groovy:groovy-all 2.4.13 3.0.0-alpha-2 2017-11-22
>>> 2018-04-16
>>> org.apache.hbase:hbase-common 1.2.6 2.0.0.3.0.0.3-2 2017-05-29
>>> 2018-05-31
>>> org.apache.hbase:hbase-hadoop-compat 1.2.6 2.0.0.3.0.0.3-2 2017-05-29
>>> 2018-05-31
>>> org.apache.hbase:hbase-hadoop2-compat 1.2.6 2.0.0.3.0.0.3-2 2017-05-29
>>> 2018-05-31
>>> org.apache.hbase:hbase-server 1.2.6 2.0.0.3.0.0.3-2 2017-05-29
>>> 2018-05-31
>>> org.apache.hbase:hbase-shaded-client 1.2.6 2.0.0.3.0.0.3-2 2017-05-29
>>> 2018-05-31
>>> org.apache.hbase:hbase-shaded-server 1.2.6 2.0.0-alpha2 2017-05-29
>>> 2018-05-31
>>> org.apache.hive:hive-cli 2.1.0 3.0.0.3.0.0.3-2 2016-06-16 2018-05-21
>>> org.apache.hive:hive-common 2.1.0 3.0.0.3.0.0.3-2 2016-06-16 2018-05-21
>>> org.apache.hive:hive-exec 2.1.0 3.0.0.3.0.0.3-2 2016-06-16 2018-05-21
>>> org.apache.hive.hcatalog:hive-hcatalog-core 2.1.0 3.0.0.3.0.0.3-2
>>> 2016-06-16 2018-05-21
>>> org.apache.httpcomponents:httpasyncclient 4.1.2 4.1.3 2016-06-18
>>> 2017-02-05
>>> org.apache.httpcomponents:httpclient 4.5.2 4.5.5 2016-02-21 2018-01-18
>>> org.apache.httpcomponents:httpcore 4.4.5 4.4.9 2016-06-08 2018-01-11
>>> net.java.dev.javacc:javacc 4.0 7.0.3 2018-06-08 2017-11-06
>>> jline:jline 2.14.6 3.0.0.M1 2018-03-26 2018-06-08
>>> net.java.dev.jna:jna 4.1.0 4.5.1 2014-03-06 2017-12-27
>>> com.esotericsoftware.kryo:kryo 2.21 2.24.0 2013-02-27 2014-05-04
>>> io.dropwizard.metrics:metrics-core 3.1.2 4.1.0-rc2 2015-04-25 2018-05-03
>>> org.mongodb:mongo-java-driver 3.2.2 3.8.0-beta3 2016-02-15 2018-05-29
>>> io.netty:netty-all 4.1.17.Final 5.0.0.Alpha2 2017-11-08 2018-06-06
>>> io.grpc:protoc-gen-grpc-java 1.2.0 1.12.0 2017-03-15 2018-05-07
>>> org.apache.qpid:proton-j 0.13.1 0.27.1 2016-07-01 2018-04-25
>>> com.carrotsearch.randomizedtesting:randomizedtesting-runner 2.5.0 2.6.3
>>> 2017-01-23 2018-06-11
>>> org.scala-lang:scala-library 2.11.8 2.13.0-M4 2017-03-08 2018-05-14
>>> org.slf4j:slf4j-api 1.7.25 1.8.0-beta2 2017-03-16 2018-03-21
>>> org.slf4j:slf4j-jdk14 1.7.25 1.8.0-beta2 2017-03-16 2018-03-21
>>> org.apache.solr:solr-core 5.5.4 7.3.1 2017-10-20 2018-05-17
>>> org.apache.solr:solr-solrj 5.5.4 7.3.1 2017-10-20 2018-05-17
>>> org.apache.solr:solr-test-framework 5.5.4 7.3.1 2017-10-20 2018-05-17
>>> org.springframework:spring-expression 4.3.5.RELEASE 5.0.7.RELEASE
>>> 2017-01-25 2018-06-12
>>> sqlline:sqlline 1.3.0 1.4.0 2017-05-30 2018-05-30
>>> com.clearspring.analytics:stream 2.9.5 2.9.6 2016-08-10 2018-01-10
>>> org.elasticsearch.client:transport 5.0.0 6.2.4 2016-10-25 2018-04-12
>>> org.elasticsearch.plugin:transport-netty4-client 5.6.3 6.2.4 2017-11-06
>>> 2018-04-12
>>> org.tukaani:xz 1.5 1.8 2014-03-08 2018-01-04
>>>
>>>
>>
>> --
>> *Paul Gerver*
>>
>

Reply via email to