[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[ https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16470842#comment-16470842 ] Boglarka Egyed commented on SQOOP-3322: --- Thanks [~dvoros] for this clean up! Please close the Review Request too. > Version differences between ivy configurations > -- > > Key: SQOOP-3322 > URL: https://issues.apache.org/jira/browse/SQOOP-3322 > Project: Sqoop > Issue Type: Bug > Components: build >Affects Versions: 1.4.7 >Reporter: Daniel Voros >Assignee: Daniel Voros >Priority: Minor > Fix For: 3.0.0 > > > We have multiple ivy configurations defined in ivy.xml. > - The {{redist}} configuration is used to select the artifacts that need to > be distributed with Sqoop in its tar.gz. > - The {{common}} configuration is used to set the classpath during > compilation (also refered to as 'hadoop classpath') > - The {{test}} configuration is used to set the classpath during junit > execution. It extends the {{common}} config. > Some artifacts end up having different versions between these three > configurations, which means we're using different versions during > compilation/testing/runtime. > Differences: > ||Artifact||redist||common (compilation)||test|| > |commons-pool|not in redist|1.5.4|*1.6*| > |commons-codec|1.4|1.9|*1.9*| > |commons-io|1.4|2.4|*2.4*| > |commons-logging|1.1.1|1.2|*1.2*| > |slf4j-api|1.6.1|1.7.7|*1.7.7*| > I'd suggest using the version *in bold* in all three configurations to use > the latest versions. > To achieve this we should exclude these artifacts from the transitive > dependencies and define them explicitly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[ https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16470839#comment-16470839 ] Hudson commented on SQOOP-3322: --- SUCCESS: Integrated in Jenkins build Sqoop-hadoop200 #1165 (See [https://builds.apache.org/job/Sqoop-hadoop200/1165/]) SQOOP-3322: Version differences between ivy configurations (bogi: [https://git-wip-us.apache.org/repos/asf?p=sqoop.git&a=commit&h=2ca85527fd9f927add9127f91f3f3ef0c98fed6e]) * (edit) ivy.xml * (edit) ivy/libraries.properties > Version differences between ivy configurations > -- > > Key: SQOOP-3322 > URL: https://issues.apache.org/jira/browse/SQOOP-3322 > Project: Sqoop > Issue Type: Bug > Components: build >Affects Versions: 1.4.7 >Reporter: Daniel Voros >Assignee: Daniel Voros >Priority: Minor > Fix For: 3.0.0 > > > We have multiple ivy configurations defined in ivy.xml. > - The {{redist}} configuration is used to select the artifacts that need to > be distributed with Sqoop in its tar.gz. > - The {{common}} configuration is used to set the classpath during > compilation (also refered to as 'hadoop classpath') > - The {{test}} configuration is used to set the classpath during junit > execution. It extends the {{common}} config. > Some artifacts end up having different versions between these three > configurations, which means we're using different versions during > compilation/testing/runtime. > Differences: > ||Artifact||redist||common (compilation)||test|| > |commons-pool|not in redist|1.5.4|*1.6*| > |commons-codec|1.4|1.9|*1.9*| > |commons-io|1.4|2.4|*2.4*| > |commons-logging|1.1.1|1.2|*1.2*| > |slf4j-api|1.6.1|1.7.7|*1.7.7*| > I'd suggest using the version *in bold* in all three configurations to use > the latest versions. > To achieve this we should exclude these artifacts from the transitive > dependencies and define them explicitly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[ https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16470713#comment-16470713 ] ASF subversion and git services commented on SQOOP-3322: Commit 2ca85527fd9f927add9127f91f3f3ef0c98fed6e in sqoop's branch refs/heads/trunk from [~BoglarkaEgyed] [ https://git-wip-us.apache.org/repos/asf?p=sqoop.git;h=2ca8552 ] SQOOP-3322: Version differences between ivy configurations (Daniel Voros via Boglarka Egyed) > Version differences between ivy configurations > -- > > Key: SQOOP-3322 > URL: https://issues.apache.org/jira/browse/SQOOP-3322 > Project: Sqoop > Issue Type: Bug > Components: build >Affects Versions: 1.4.7 >Reporter: Daniel Voros >Assignee: Daniel Voros >Priority: Minor > Fix For: 3.0.0 > > > We have multiple ivy configurations defined in ivy.xml. > - The {{redist}} configuration is used to select the artifacts that need to > be distributed with Sqoop in its tar.gz. > - The {{common}} configuration is used to set the classpath during > compilation (also refered to as 'hadoop classpath') > - The {{test}} configuration is used to set the classpath during junit > execution. It extends the {{common}} config. > Some artifacts end up having different versions between these three > configurations, which means we're using different versions during > compilation/testing/runtime. > Differences: > ||Artifact||redist||common (compilation)||test|| > |commons-pool|not in redist|1.5.4|*1.6*| > |commons-codec|1.4|1.9|*1.9*| > |commons-io|1.4|2.4|*2.4*| > |commons-logging|1.1.1|1.2|*1.2*| > |slf4j-api|1.6.1|1.7.7|*1.7.7*| > I'd suggest using the version *in bold* in all three configurations to use > the latest versions. > To achieve this we should exclude these artifacts from the transitive > dependencies and define them explicitly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[ https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467438#comment-16467438 ] Daniel Voros commented on SQOOP-3322: - Attaching review request. > Version differences between ivy configurations > -- > > Key: SQOOP-3322 > URL: https://issues.apache.org/jira/browse/SQOOP-3322 > Project: Sqoop > Issue Type: Bug > Components: build >Affects Versions: 1.4.7 >Reporter: Daniel Voros >Assignee: Daniel Voros >Priority: Minor > > We have multiple ivy configurations defined in ivy.xml. > - The {{redist}} configuration is used to select the artifacts that need to > be distributed with Sqoop in its tar.gz. > - The {{common}} configuration is used to set the classpath during > compilation (also refered to as 'hadoop classpath') > - The {{test}} configuration is used to set the classpath during junit > execution. It extends the {{common}} config. > Some artifacts end up having different versions between these three > configurations, which means we're using different versions during > compilation/testing/runtime. > Differences: > ||Artifact||redist||common (compilation)||test|| > |commons-pool|not in redist|1.5.4|*1.6*| > |commons-codec|1.4|1.9|*1.9*| > |commons-io|1.4|2.4|*2.4*| > |commons-logging|1.1.1|1.2|*1.2*| > |slf4j-api|1.6.1|1.7.7|*1.7.7*| > I'd suggest using the version *in bold* in all three configurations to use > the latest versions. > To achieve this we should exclude these artifacts from the transitive > dependencies and define them explicitly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[ https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467355#comment-16467355 ] Daniel Voros commented on SQOOP-3322: - One more thing I'd include in this ticket is bumping (defining to be more precise, and not just getting via transitive dependencies) jackson-databind version from 2.3.1 to 2.9.5 that isn't affected by CVE-2017-7525. > Version differences between ivy configurations > -- > > Key: SQOOP-3322 > URL: https://issues.apache.org/jira/browse/SQOOP-3322 > Project: Sqoop > Issue Type: Bug > Components: build >Affects Versions: 1.4.7 >Reporter: Daniel Voros >Assignee: Daniel Voros >Priority: Minor > > We have multiple ivy configurations defined in ivy.xml. > - The {{redist}} configuration is used to select the artifacts that need to > be distributed with Sqoop in its tar.gz. > - The {{common}} configuration is used to set the classpath during > compilation (also refered to as 'hadoop classpath') > - The {{test}} configuration is used to set the classpath during junit > execution. It extends the {{common}} config. > Some artifacts end up having different versions between these three > configurations, which means we're using different versions during > compilation/testing/runtime. > Differences: > ||Artifact||redist||common (compilation)||test|| > |commons-pool|not in redist|1.5.4|*1.6*| > |commons-codec|1.4|1.9|*1.9*| > |commons-io|1.4|2.4|*2.4*| > |commons-logging|1.1.1|1.2|*1.2*| > |slf4j-api|1.6.1|1.7.7|*1.7.7*| > I'd suggest using the version *in bold* in all three configurations to use > the latest versions. > To achieve this we should exclude these artifacts from the transitive > dependencies and define them explicitly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SQOOP-3322) Version differences between ivy configurations
[ https://issues.apache.org/jira/browse/SQOOP-3322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465464#comment-16465464 ] Szabolcs Vasas commented on SQOOP-3322: --- Hi [~dvoros], Thank you for raising this Jira it is a really nice catch! I think we could also bump up the redist dependencies to the versions we use during testing since this fix will most probably end up in a big major release, what do you think? Szabolcs > Version differences between ivy configurations > -- > > Key: SQOOP-3322 > URL: https://issues.apache.org/jira/browse/SQOOP-3322 > Project: Sqoop > Issue Type: Bug > Components: build >Affects Versions: 1.4.7 >Reporter: Daniel Voros >Assignee: Daniel Voros >Priority: Minor > > We have multiple ivy configurations defined in ivy.xml. > - The {{redist}} configuration is used to select the artifacts that need to > be distributed with Sqoop in its tar.gz. > - The {{common}} configuration is used to set the classpath during > compilation (also refered to as 'hadoop classpath') > - The {{test}} configuration is used to set the classpath during junit > execution. It extends the {{common}} config. > Some artifacts end up having different versions between these three > configurations, which means we're using different versions during > compilation/testing/runtime. > Differences: > ||Artifact||redist||common (compilation)||test|| > |commons-pool|not in redist|1.5.4|*1.6*| > |commons-codec|*1.4*|1.9|1.9| > |commons-io|*1.4*|2.4|2.4| > |commons-logging|*1.1.1*|1.2|1.2| > |slf4j-api|*1.6.1*|1.7.7|1.7.7| > I'd suggest using the version *in bold* in all three configurations, based on: > - keep version from redist (where there is one), since that's the version we > were shipping with and used in production > - keep the latest version in case of commons-pool that is not part of the > redist config > To achieve this we should exclude these artifacts from the transitive > dependencies and define them explicitly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)