linghengqian commented on code in PR #34409:
URL: https://github.com/apache/shardingsphere/pull/34409#discussion_r1923008959


##########
pom.xml:
##########
@@ -99,17 +102,17 @@
         <jboss-logging.version>3.2.1.Final</jboss-logging.version>
         <seata.version>2.2.0</seata.version>
         
-        <netty.version>4.1.112.Final</netty.version>
-        <bouncycastle.version>1.78.1</bouncycastle.version>
+        <netty.version>4.1.117.Final</netty.version>
+        <bouncycastle.version>1.80</bouncycastle.version>
         
-        <curator.version>5.7.0</curator.version>
+        <curator.version>5.7.1</curator.version>
         <zookeeper.version>3.9.2</zookeeper.version>
-        <audience-annotations.version>0.12.0</audience-annotations.version>
+        <audience-annotations.version>0.15.0</audience-annotations.version>
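
Review bot: The `netty.version` and `bouncycastle.version` bumps at the top of this hunk carry no stated reason, and a reader will want to know whether either one is a security fix. Suggest naming the changelog entry or advisory behind each bump in the PR description. Also confirm that every artifact resolved through `bouncycastle.version` is published at 1.80, since the number changes from the three-part 1.78.1 to a two-part form.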

Review Comment:
   - `org.apache.yetus:audience-annotations:0.12.0` is actually just a 
transitive dependency of `org.apache.zookeeper:zookeeper:3.9.2`.
   - And since `org.apache.yetus:audience-annotations:0.14.0`, the metadata 
provided by this dependency is invalid on JDK8, refer to 
https://issues.apache.org/jira/browse/YETUS-1132 . Why do you need to change 
the version of `org.apache.yetus:audience-annotations`?



##########
kernel/data-pipeline/scenario/cdc/client/pom.xml:
##########
@@ -45,14 +45,17 @@
         <dependency>
             <groupId>org.opengauss</groupId>
             <artifactId>opengauss-jdbc</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>org.postgresql</groupId>
             <artifactId>postgresql</artifactId>
+            <scope>provided</scope>
         </dependency>
         <dependency>
             <groupId>com.mysql</groupId>
             <artifactId>mysql-connector-j</artifactId>
+            <scope>provided</scope>
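
Review bot: The `<scope>provided</scope>` lines added to all three JDBC driver dependencies drop the drivers from the runtime classpath and from what consumers of this module inherit, so a missing driver now surfaces when the client runs rather than at build time. Suggest documenting in this module that users must supply the opengauss-jdbc, postgresql or mysql-connector-j jar themselves, and checking that any packaging or example that runs the CDC client adds the driver explicitly.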

Review Comment:
   - My understanding is that this is not enough. If a dependency's maven scope 
is not `test`, then the dependency will be affected by 
https://www.apache.org/legal/resolved.html . This requires implementing 
something like 
https://github.com/apache/gravitino/issues/4352#issuecomment-2453295083 for 
`<optional>`, i.e.
   ```xml
   <dependency>
       <groupId>com.mysql</groupId>
       <artifactId>mysql-connector-j</artifactId>
       <scope>provided</scope>
       <optional>true</optional>
   </dependency>
   ```
   - The core reason is that MySQL JDBC Driver is a standard GPL. The FOSS 
exception clause of MySQL JDBC Driver is actually not paid attention to by ASF.



##########
pom.xml:
##########
@@ -99,17 +102,17 @@
         <jboss-logging.version>3.2.1.Final</jboss-logging.version>
         <seata.version>2.2.0</seata.version>
         
-        <netty.version>4.1.112.Final</netty.version>
-        <bouncycastle.version>1.78.1</bouncycastle.version>
+        <netty.version>4.1.117.Final</netty.version>
+        <bouncycastle.version>1.80</bouncycastle.version>
         
-        <curator.version>5.7.0</curator.version>
+        <curator.version>5.7.1</curator.version>
         <zookeeper.version>3.9.2</zookeeper.version>
-        <audience-annotations.version>0.12.0</audience-annotations.version>
+        <audience-annotations.version>0.15.0</audience-annotations.version>
         <jetcd.version>0.7.7</jetcd.version>
-        <vertx.version>4.5.1</vertx.version>
+        <vertx.version>4.5.11</vertx.version>
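
Review bot: `vertx.version` moves from 4.5.1 to 4.5.11 on the last line of this hunk while `jetcd.version` directly above it stays at 0.7.7, and `audience-annotations.version` moves while `zookeeper.version` stays at 3.9.2. If these properties override versions that arrive transitively, the build resolves combinations the upstream libraries did not release together. Suggest either bumping the parent library instead or adding an XML comment beside each overridden property that names the reason for pinning it.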

Review Comment:
   - ShardingSphere doesn't actually use vertx. `io.vertx:vertx-grpc:4.5.1` is 
a transitive dependency of `io.etcd:jetcd-grpc:0.7.7`, why do we need to change 
the dependency tree of jetcd?


