Due to the discovery of a critical severity issue in Avro on 3rd October 2024, we will be canceling the vote for rc1. I would like to acknowledge and extend my thanks to PJ Fanning, who promptly stepped in to create a patch, upgrading the Avro version in XTable’s pom.xml. However, this commit is not part of rc1, so I will be publishing rc2 with the latest changes from the master.
https://github.com/advisories/GHSA-r7pg-v2c8-mfg3 https://github.com/apache/incubator-xtable/pull/559 - Vinish On 2024/10/07 10:20:00 Sudharshan Rajan wrote: > +1 approving the release RC1 , As per my understanding adding explicit > scope to pom.xml is not blocking functionality at the moment > > On Mon, Oct 7, 2024 at 11:11 AM Vinish Reddy <vin...@apache.org> wrote: > > > Just a kind reminder for everyone to cast their votes on RC1. If the > > recent change to the pom.xml regarding explicit scopes calls for an RC2, > > please feel free to add a -1. Thanks for your attention and feedback ! > > > > -Vinish > > > > On 2024/10/05 23:12:41 Tim Brown wrote: > > > I agree the lack of consistency is confusing. I have put up a PR to add > > the > > > scopes to the child pom files to make it more clear and easier to review > > as > > > suggested. > > > > > > https://github.com/apache/incubator-xtable/pull/563 > > > > > > On Sat, Oct 5, 2024 at 1:33 PM PJ Fanning <fannin...@apache.org> wrote: > > > > > > > Thanks Tim. Maven probably allows the scope to be inherited. I prefer > > > > explicit declarations because they are easier to review. > > > > > > > > I still think the 'Test Dependencies' in those poms looks kind of > > strange > > > > where some of the dependencies have test scope and other ones have no > > > > explicit scope. > > > > > > > > Example snippet: > > > > <!-- Test Dependencies --> > > > > <dependency> > > > > <groupId>org.apache.hudi</groupId> > > > > > > > > > > <artifactId>hudi-spark${spark.version.prefix}-bundle_${scala.binary.version}</artifactId> > > > > <scope>test</scope> > > > > </dependency> > > > > <dependency> > > > > <groupId>org.apache.hudi</groupId> > > > > <artifactId>hudi-java-client</artifactId> > > > > <scope>test</scope> > > > > </dependency> > > > > <dependency> > > > > <groupId>com.esotericsoftware</groupId> > > > > <artifactId>kryo</artifactId> > > > > </dependency> > > > > > > > > I just think it is difficult to review something where you need to look > > > > around the place to work out if 'kryo' is test scope or not. > > > > > > > > > > > > On 2024/10/04 21:24:43 Tim Brown wrote: > > > > > My understanding of Maven is that you can use the > > <dependencyManagement> > > > > to > > > > > control the scope of these dependencies in the child poms. Am I > > mistaken? > > > > > We define the test scope there: > > > > > https://github.com/apache/incubator-xtable/blob/main/pom.xml#L417 > > > > > > > > > > > > > > > > > > > > On Fri, Oct 4, 2024 at 2:07 PM PJ Fanning <fannin...@apache.org> > > wrote: > > > > > > > > > > > There seems to be an issue where the 'test' scope is missing from > > the > > > > test > > > > > > dependencies in these poms: > > > > > > > > > > > > > > > > > > https://repository.apache.org/content/repositories/orgapachextable-1005/org/apache/xtable/xtable-hudi-support-utils/0.2.0-incubating/xtable-hudi-support-utils-0.2.0-incubating.pom > > > > > > > > > > > > > > > > > > https://repository.apache.org/content/repositories/orgapachextable-1005/org/apache/xtable/xtable-hudi-support-extensions_2.12/0.2.0-incubating/xtable-hudi-support-extensions_2.12-0.2.0-incubating.pom > > > > > > > > > > > > Possibly other poms too. > > > > > > Junit jars are almost always in 'test' scope. The poms have > > comments > > > > > > indicating grouping of dependencies and the ones list under the > > 'Test > > > > > > Dependencies' do not not all have 'test' scope either. > > > > > > > > > > > > > > > > > > > > > > > > On 2024/10/03 08:02:29 Vinish Reddy wrote: > > > > > > > Hi everyone, > > > > > > > > > > > > > > Please review and vote on the release candidate #1 for the > > version > > > > 0.2.0, > > > > > > > as follows: > > > > > > > > > > > > > > [ ] +1, Approve the release > > > > > > > > > > > > > > [ ] -1, Do not approve the release (please provide specific > > comments) > > > > > > > > > > > > > > The complete staging area is available for your review, which > > > > includes: > > > > > > > > > > > > > > *GH release notes [1], > > > > > > > > > > > > > > * the official Apache source release and binary convenience > > releases > > > > to > > > > > > be > > > > > > > deployed to dist.apache.org [2], which are signed with the key > > with > > > > > > > fingerprint 5EFD1E91 [3], > > > > > > > > > > > > > > * all artifacts to be deployed to the Maven Central Repository > > [4], > > > > > > > > > > > > > > * source code tag "release-0.2.0-incubating-rc1" [5], > > > > > > > > > > > > > > Thanks, > > > > > > > Vinish > > > > > > > > > > > > > > [1] > > > > > > > > > > > > > > > > > > > https://github.com/apache/incubator-xtable/issues/551#issuecomment-2390755342 > > > > > > > > > > > > > > [2] > > > > > > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/xtable/0.2.0-incubating-rc1/ > > > > > > > [2] [checksum] > > > > > > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/xtable/0.2.0-incubating-rc1/apache-xtable-0.2.0-incubating.src.tgz.sha512 > > > > > > > > > > > > > > [3] https://downloads.apache.org/incubator/xtable/KEYS > > > > > > > > > > > > > > [4] > > > > > > > > > > > > https://repository.apache.org/content/repositories/orgapachextable-1005/ > > > > > > > > > > > > > > [5] [tag] > > > > > > > > > > > > > > > > > > > https://github.com/apache/incubator-xtable/releases/tag/0.2.0-incubating-rc1 > > > > > > > [5] [SHA] > > > > > > > > > > > > > > > > > > > https://github.com/apache/incubator-xtable/commit/e11411fd53db409cac5d572b68ed6a450f669810 > > > > > > > > > > > > > > > > > > > > > > > > > > > >
