[ https://issues.apache.org/jira/browse/HBASE-22728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16904164#comment-16904164 ]
Andrew Purtell edited comment on HBASE-22728 at 8/9/19 8:03 PM:
----------------------------------------------------------------
So this is the result:
The compile scope appears only in hbase-rest.
Everything else is brought in at 'provided' or 'test' scopes.
Does this accomplish enough?
{noformat}
apurtell$ mvn dependency:tree|grep jackson
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:compile
[INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:compile
[INFO] | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:compile
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:test
[INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:test
[INFO] | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:test
[INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:test
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:test
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
{noformat}
was (Author: apurtell):
So this is the result:
The compile scope is hbase-rest.
Everything else is 'provided' or 'test'.
Does this accomplish enough?
{noformat}
apurtell$ mvn dependency:tree|grep jackson
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:compile
[INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:compile
[INFO] | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:compile
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:test
[INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.9.9:test
[INFO] | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.9.9:test
[INFO] +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.9:test
[INFO] +- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:test
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] | \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:test
{noformat}
> Upgrade jackson dependencies in branch-1
> ----------------------------------------
>
> Key: HBASE-22728
> URL: https://issues.apache.org/jira/browse/HBASE-22728
> Project: HBase
> Issue Type: Sub-task
> Affects Versions: 1.4.10, 1.3.5
> Reporter: Andrew Purtell
> Assignee: Viraj Jasani
> Priority: Major
> Fix For: 1.5.0, 1.3.6, 1.4.11
>
> Attachments: HBASE-22728-addendum.patch, HBASE-22728-addendum.patch,
> HBASE-22728.branch-1.01.patch, HBASE-22728.branch-1.02.patch,
> HBASE-22728.branch-1.04.patch, HBASE-22728.branch-1.06.patch,
> HBASE-22728.branch-1.10.patch, HBASE-22728.branch-1.11.patch,
> HBASE-22728.branch-1.12.patch, HBASE-22728.branch-1.14.patch
>
>
> Avoid Jackson versions and dependencies with known CVEs
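An added example, not part of the original comment or of HBase's own tooling: shell functions that collapse the Jackson lines of `mvn dependency:tree` output into one row per scope, artifact and version, and list the artifacts left in scopes that Maven packages and passes on to consumers. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize Jackson artifacts by Maven scope from
# `mvn dependency:tree` output read on stdin.

# Constructed sample in the same shape as the output quoted in the comment,
# including one coordinate that a mail client wrapped onto its own line.
sample_tree() {
cat <<'EOF'
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:provided
[INFO] |  \- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:provided
[INFO] +-
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.9.9:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:compile
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:test
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.2:test
EOF
}

# Prints "scope group:artifact version count", one row per unique combination.
jackson_scope_summary() {
  awk '
    {
      # The coordinate is always the last field; on a wrapped line it stands
      # alone, and the dangling "+-" line is skipped by the part-count check.
      coord = $NF
      n = split(coord, p, ":")
      # group:artifact:type:version:scope, optionally with a classifier
      if (n < 5 || coord !~ /jackson/) next
      count[p[n] " " p[1] ":" p[2] " " p[n-1]]++
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# Artifacts in compile or runtime scope: these are packaged and transitive,
# unlike provided and test scope.
jackson_shipped() {
  jackson_scope_summary |
    awk '$1 == "compile" || $1 == "runtime" { print $2, $3 }'
}

# Real use: mvn dependency:tree | jackson_scope_summary
sample_tree | jackson_scope_summary
```
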