srowen commented on a change in pull request #25933: [SPARK-29252][BUILD] Upgrade zookeeper to 3.4.14 and fix vulnerabilities. URL: https://github.com/apache/spark/pull/25933#discussion_r328605927
########## File path: dev/deps/spark-deps-hadoop-3.2 ########## @@ -211,6 +211,7 @@ spire-macros_2.12-0.17.0-M1.jar spire-platform_2.12-0.17.0-M1.jar spire-util_2.12-0.17.0-M1.jar spire_2.12-0.17.0-M1.jar +spotbugs-annotations-3.1.9.jar Review comment: Uh oh, this is LGPL. We can't include this. https://spotbugs.github.io/ It looks like ZK specifically excludes it from their binary release: https://github.com/apache/zookeeper/commit/372e713a9d2d9264417313e5d68e9437ffddd0f5 Therefore, we probably just need to write an exclusion rule to not pull in this dependency, as it sounds like it's not strictly needed at runtime (just annotations) ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
