[ https://issues.apache.org/jira/browse/HBASE-18304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107251#comment-16107251 ]

Tamas Penzes commented on HBASE-18304:
--------------------------------------

Hi [~mdrob],

We do have other dependencies which have conflicts.
* org.slf4j:slf4j-log4j12
* com.google.guava:guava
* com.thoughtworks.paranamer:paranamer
* commons-net:commons-net
* net.java.dev.jets3t:jets3t
* org.scala-lang:scala-library
* org.scala-lang:scala-reflect
* io.netty:netty

Should I exclude all of them from the check (just like protobuf) or fix the 
issues by updating minor/build versions?
Or should I exclude them now and update the versions/re-include them in a 
separate ticket?

None of them need a major version update, so they should not cause problems, 
but I cannot guarantee.

scala version from 2.10.4 to 2.10.5 (doesn't look risky)
netty.hadoop.version from 3.6.2.Final to 3.8.0.Final (might be risky)

Some dependencies are only transitive at the moment, but the conflicts can be 
solved by adding them as provided dependencies with the following version 
numbers:
* paranamer.version -> 2.6
* guava.version -> 14.0.1
* jets3t.version -> 0.9.0
* commons-net.version -> 3.1

It is also possible to exclude these dependencies with the older version from 
the tree and only keep the newest ones, but it would be harder to maintain.

The enforcer plugin must also be updated to a newer version to handle excludes:
maven-enforcer-plugin.version -> 3.0.0-M1

Regards, Tamas

> Start enforcing upperbounds on dependencies
> -------------------------------------------
>
>                 Key: HBASE-18304
>                 URL: https://issues.apache.org/jira/browse/HBASE-18304
>             Project: HBase
>          Issue Type: Task
>          Components: build, dependencies
>    Affects Versions: 2.0.0
>            Reporter: Sean Busbey
>            Assignee: Tamas Penzes
>              Labels: beginner
>             Fix For: 2.0.0
>
>         Attachments: HBASE-18304.master.001.patch
>
>
> would be nice to get this going before our next major version.
> http://maven.apache.org/enforcer/enforcer-rules/requireUpperBoundDeps.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
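
The two approaches weighed in the comment above, sketched as pom.xml fragments. This is an added example, not taken from HBASE-18304.master.001.patch or from the HBase build. The execution id is hypothetical, and the choice of which artifact to exclude and which to declare directly is an assumption made for illustration. Both fragments belong inside `<project>`.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Version the comment names as required for excludes support. -->
      <version>3.0.0-M1</version>
      <executions>
        <execution>
          <id>enforce-upper-bound-deps</id> <!-- hypothetical id -->
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <requireUpperBoundDeps>
                <!-- Approach 1: skip the check for an artifact, given as
                     groupId:artifactId. Assumed here: the netty bump the
                     comment marks as possibly risky is excluded for now. -->
                <excludes>
                  <exclude>io.netty:netty</exclude>
                </excludes>
              </requireUpperBoundDeps>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

<!-- Approach 2: declare a transitive-only artifact directly, at the version
     listed in the comment, so the resolved version is no longer below what
     another dependency in the tree asks for. -->
<dependencies>
  <dependency>
    <groupId>com.google.guava</groupId>
    <artifactId>guava</artifactId>
    <version>14.0.1</version>
    <scope>provided</scope>
  </dependency>
</dependencies>
```

An excluded artifact keeps resolving to a version lower than some dependency in the tree requires, and the rule stops reporting it, so each exclude is worth tracking until the version is raised and the entry removed.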
