[jira] [Commented] (NIFI-4297) Immediately actionable dependency upgrades

Fri, 22 Sep 2017 07:51:14 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-4297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16176531#comment-16176531
 ] 

ASF GitHub Bot commented on NIFI-4297:
--------------------------------------

Github user mcgilman commented on the issue:

    https://github.com/apache/nifi/pull/2084
  
    @alopresto I believe the exclusions for the solr processors are incorrect. 
`jackson-core` has been excluded but not explicitly added. Also, I noticed that 
the change to `jackson-annotations` made in the root pom, affects the version 
of `jackson-annotations` which `solr-solrj` brings in transitively. It appears 
that prior to this PR it also overriding (2.6.1 vs 2.5.4). Because the use of 
jackson is so widespread and the behavior of dependency management with regards 
to transitive dependencies, I'm wondering if it makes to remove 
`jackson-annotations` and allow individual modules to pull it in using the 
`jackson.version` property introduced here. Thoughts?


> Immediately actionable dependency upgrades
> ------------------------------------------
>
>                 Key: NIFI-4297
>                 URL: https://issues.apache.org/jira/browse/NIFI-4297
>             Project: Apache NiFi
>          Issue Type: Sub-task
>          Components: Extensions
>    Affects Versions: 1.3.0
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>              Labels: dependencies, security
>
> The immediately actionable items are:
> * {{org.apache.logging.log4j:log4j-core}} in {{nifi-storm-spout}} 2.1 -> 2.8.2
> * {{org.apache.poi:poi}} in {{nifi-email-processors}} 3.14 -> 3.15
> * {{org.apache.logging.log4j:log4j-core}} in 
> {{nifi-elasticsearch-5-processors}} 2.7 -> 2.8.2
> * {{org.springframework:spring-web}} in {{nifi-jetty}} 4.2.4.RELEASE -> 
> 4.3.10.RELEASE
> * {{org.springframework:spring-web}} in {{nifi-jetty}} 4.2.4.RELEASE -> 
> 4.3.10.RELEASE
> * {{org.apache.derby:derby}} in {{nifi-kite-processors}} 10.11.1.1 -> 
> 10.12.1.1 (already excluded)
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-azure-processors}} 
> 2.6.0 -> 2.8.6
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-expression-language}} 
> 2.6.1 -> 2.8.6
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-standard-utils}} 
> 2.6.2 -> 2.8.6
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-hwx-schema-registry}} 
> 2.7.3 -> 2.8.6
> * {{com.fasterxml.jackson.core:jackson-core}} in {{nifi-solr-processors}} 
> 2.5.4 -> 2.8.6



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to