[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[
https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16470842#comment-16470842
]
Boglarka Egyed commented on SQOOP-3322:
---
Thanks [~dvoros] for this clean up! Please close the Review Request too.
> Version differences between ivy configurations
> --
>
> Key: SQOOP-3322
> URL: https://issues.apache.org/jira/browse/SQOOP-3322
> Project: Sqoop
> Issue Type: Bug
> Components: build
>Affects Versions: 1.4.7
>Reporter: Daniel Voros
>Assignee: Daniel Voros
>Priority: Minor
> Fix For: 3.0.0
>
>
> We have multiple ivy configurations defined in ivy.xml.
> - The {{redist}} configuration is used to select the artifacts that need to
> be distributed with Sqoop in its tar.gz.
> - The {{common}} configuration is used to set the classpath during
> compilation (also refered to as 'hadoop classpath')
> - The {{test}} configuration is used to set the classpath during junit
> execution. It extends the {{common}} config.
> Some artifacts end up having different versions between these three
> configurations, which means we're using different versions during
> compilation/testing/runtime.
> Differences:
> ||Artifact||redist||common (compilation)||test||
> |commons-pool|not in redist|1.5.4|*1.6*|
> |commons-codec|1.4|1.9|*1.9*|
> |commons-io|1.4|2.4|*2.4*|
> |commons-logging|1.1.1|1.2|*1.2*|
> |slf4j-api|1.6.1|1.7.7|*1.7.7*|
> I'd suggest using the version *in bold* in all three configurations to use
> the latest versions.
> To achieve this we should exclude these artifacts from the transitive
> dependencies and define them explicitly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[
https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16470839#comment-16470839
]
Hudson commented on SQOOP-3322:
---
SUCCESS: Integrated in Jenkins build Sqoop-hadoop200 #1165 (See
[https://builds.apache.org/job/Sqoop-hadoop200/1165/])
SQOOP-3322: Version differences between ivy configurations (bogi:
[https://git-wip-us.apache.org/repos/asf?p=sqoop.git&a=commit&h=2ca85527fd9f927add9127f91f3f3ef0c98fed6e])
* (edit) ivy.xml
* (edit) ivy/libraries.properties
> Version differences between ivy configurations
> --
>
> Key: SQOOP-3322
> URL: https://issues.apache.org/jira/browse/SQOOP-3322
> Project: Sqoop
> Issue Type: Bug
> Components: build
>Affects Versions: 1.4.7
>Reporter: Daniel Voros
>Assignee: Daniel Voros
>Priority: Minor
> Fix For: 3.0.0
>
>
> We have multiple ivy configurations defined in ivy.xml.
> - The {{redist}} configuration is used to select the artifacts that need to
> be distributed with Sqoop in its tar.gz.
> - The {{common}} configuration is used to set the classpath during
> compilation (also refered to as 'hadoop classpath')
> - The {{test}} configuration is used to set the classpath during junit
> execution. It extends the {{common}} config.
> Some artifacts end up having different versions between these three
> configurations, which means we're using different versions during
> compilation/testing/runtime.
> Differences:
> ||Artifact||redist||common (compilation)||test||
> |commons-pool|not in redist|1.5.4|*1.6*|
> |commons-codec|1.4|1.9|*1.9*|
> |commons-io|1.4|2.4|*2.4*|
> |commons-logging|1.1.1|1.2|*1.2*|
> |slf4j-api|1.6.1|1.7.7|*1.7.7*|
> I'd suggest using the version *in bold* in all three configurations to use
> the latest versions.
> To achieve this we should exclude these artifacts from the transitive
> dependencies and define them explicitly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[
https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16470713#comment-16470713
]
ASF subversion and git services commented on SQOOP-3322:
Commit 2ca85527fd9f927add9127f91f3f3ef0c98fed6e in sqoop's branch
refs/heads/trunk from [~BoglarkaEgyed]
[ https://git-wip-us.apache.org/repos/asf?p=sqoop.git;h=2ca8552 ]
SQOOP-3322: Version differences between ivy configurations
(Daniel Voros via Boglarka Egyed)
> Version differences between ivy configurations
> --
>
> Key: SQOOP-3322
> URL: https://issues.apache.org/jira/browse/SQOOP-3322
> Project: Sqoop
> Issue Type: Bug
> Components: build
>Affects Versions: 1.4.7
>Reporter: Daniel Voros
>Assignee: Daniel Voros
>Priority: Minor
> Fix For: 3.0.0
>
>
> We have multiple ivy configurations defined in ivy.xml.
> - The {{redist}} configuration is used to select the artifacts that need to
> be distributed with Sqoop in its tar.gz.
> - The {{common}} configuration is used to set the classpath during
> compilation (also refered to as 'hadoop classpath')
> - The {{test}} configuration is used to set the classpath during junit
> execution. It extends the {{common}} config.
> Some artifacts end up having different versions between these three
> configurations, which means we're using different versions during
> compilation/testing/runtime.
> Differences:
> ||Artifact||redist||common (compilation)||test||
> |commons-pool|not in redist|1.5.4|*1.6*|
> |commons-codec|1.4|1.9|*1.9*|
> |commons-io|1.4|2.4|*2.4*|
> |commons-logging|1.1.1|1.2|*1.2*|
> |slf4j-api|1.6.1|1.7.7|*1.7.7*|
> I'd suggest using the version *in bold* in all three configurations to use
> the latest versions.
> To achieve this we should exclude these artifacts from the transitive
> dependencies and define them explicitly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[
https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467438#comment-16467438
]
Daniel Voros commented on SQOOP-3322:
-
Attaching review request.
> Version differences between ivy configurations
> --
>
> Key: SQOOP-3322
> URL: https://issues.apache.org/jira/browse/SQOOP-3322
> Project: Sqoop
> Issue Type: Bug
> Components: build
>Affects Versions: 1.4.7
>Reporter: Daniel Voros
>Assignee: Daniel Voros
>Priority: Minor
>
> We have multiple ivy configurations defined in ivy.xml.
> - The {{redist}} configuration is used to select the artifacts that need to
> be distributed with Sqoop in its tar.gz.
> - The {{common}} configuration is used to set the classpath during
> compilation (also refered to as 'hadoop classpath')
> - The {{test}} configuration is used to set the classpath during junit
> execution. It extends the {{common}} config.
> Some artifacts end up having different versions between these three
> configurations, which means we're using different versions during
> compilation/testing/runtime.
> Differences:
> ||Artifact||redist||common (compilation)||test||
> |commons-pool|not in redist|1.5.4|*1.6*|
> |commons-codec|1.4|1.9|*1.9*|
> |commons-io|1.4|2.4|*2.4*|
> |commons-logging|1.1.1|1.2|*1.2*|
> |slf4j-api|1.6.1|1.7.7|*1.7.7*|
> I'd suggest using the version *in bold* in all three configurations to use
> the latest versions.
> To achieve this we should exclude these artifacts from the transitive
> dependencies and define them explicitly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[
https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467355#comment-16467355
]
Daniel Voros commented on SQOOP-3322:
-
One more thing I'd include in this ticket is bumping (defining to be more
precise, and not just getting via transitive dependencies) jackson-databind
version from 2.3.1 to 2.9.5 that isn't affected by CVE-2017-7525.
> Version differences between ivy configurations
> --
>
> Key: SQOOP-3322
> URL: https://issues.apache.org/jira/browse/SQOOP-3322
> Project: Sqoop
> Issue Type: Bug
> Components: build
>Affects Versions: 1.4.7
>Reporter: Daniel Voros
>Assignee: Daniel Voros
>Priority: Minor
>
> We have multiple ivy configurations defined in ivy.xml.
> - The {{redist}} configuration is used to select the artifacts that need to
> be distributed with Sqoop in its tar.gz.
> - The {{common}} configuration is used to set the classpath during
> compilation (also refered to as 'hadoop classpath')
> - The {{test}} configuration is used to set the classpath during junit
> execution. It extends the {{common}} config.
> Some artifacts end up having different versions between these three
> configurations, which means we're using different versions during
> compilation/testing/runtime.
> Differences:
> ||Artifact||redist||common (compilation)||test||
> |commons-pool|not in redist|1.5.4|*1.6*|
> |commons-codec|1.4|1.9|*1.9*|
> |commons-io|1.4|2.4|*2.4*|
> |commons-logging|1.1.1|1.2|*1.2*|
> |slf4j-api|1.6.1|1.7.7|*1.7.7*|
> I'd suggest using the version *in bold* in all three configurations to use
> the latest versions.
> To achieve this we should exclude these artifacts from the transitive
> dependencies and define them explicitly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[
https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465464#comment-16465464
]
Szabolcs Vasas commented on SQOOP-3322:
---
Hi [~dvoros],
Thank you for raising this Jira it is a really nice catch!
I think we could also bump up the redist dependencies to the versions we use
during testing since this fix will most probably end up in a big major release,
what do you think?
Szabolcs
> Version differences between ivy configurations
> --
>
> Key: SQOOP-3322
> URL: https://issues.apache.org/jira/browse/SQOOP-3322
> Project: Sqoop
> Issue Type: Bug
> Components: build
>Affects Versions: 1.4.7
>Reporter: Daniel Voros
>Assignee: Daniel Voros
>Priority: Minor
>
> We have multiple ivy configurations defined in ivy.xml.
> - The {{redist}} configuration is used to select the artifacts that need to
> be distributed with Sqoop in its tar.gz.
> - The {{common}} configuration is used to set the classpath during
> compilation (also refered to as 'hadoop classpath')
> - The {{test}} configuration is used to set the classpath during junit
> execution. It extends the {{common}} config.
> Some artifacts end up having different versions between these three
> configurations, which means we're using different versions during
> compilation/testing/runtime.
> Differences:
> ||Artifact||redist||common (compilation)||test||
> |commons-pool|not in redist|1.5.4|*1.6*|
> |commons-codec|*1.4*|1.9|1.9|
> |commons-io|*1.4*|2.4|2.4|
> |commons-logging|*1.1.1*|1.2|1.2|
> |slf4j-api|*1.6.1*|1.7.7|1.7.7|
> I'd suggest using the version *in bold* in all three configurations, based on:
> - keep version from redist (where there is one), since that's the version we
> were shipping with and used in production
> - keep the latest version in case of commons-pool that is not part of the
> redist config
> To achieve this we should exclude these artifacts from the transitive
> dependencies and define them explicitly.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
