Caideyipi commented on PR #17859: URL: https://github.com/apache/iotdb/pull/17859#issuecomment-4646172937
I think this PR needs to regenerate dependencies.json after the REST/Jakarta dependency changes. dependencies.json is used by -Penable-sbom-check via src/main/groovy/checkDependencies.groovy, and the new est-openapi dependency tree now contains coordinates that are not in the reference list, for example: - com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations (while the old jackson-module-jaxb-annotations entry remains) - io.github.classgraph:classgraph - io.swagger.core.v3:swagger-integration-jakarta - jakarta.inject:jakarta.inject-api - com.sun.activation:jakarta.activation Because the check fails on any dependency added by the current build but missing from dependencies.json, release/SBOM validation can fail even if normal compilation passes. Please regenerate dependencies.json from the transformed SBOM and re-check LICENSE-binary for the newly bundled REST/Jakarta dependencies as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
