Re: Completeness of Beam Java Dependency Check Report

Hi Yifan, I found resolutionStrategy is interfering gradle-versions-plugin (detail in BEAM-8654). Would you check this PR? https://github.com/apache/beam/pull/10127 On Thu, Nov 14, 2019 at 1:42 PM Kenneth Knowles wrote: > On Thu, Nov 14, 2019 at 8:04 AM Alexey Romanenko > wrote: > >> Good

Re: Completeness of Beam Java Dependency Check Report

On Thu, Nov 14, 2019 at 8:04 AM Alexey Romanenko wrote: > Good example about Guava deps, let me go a bit deeper. > > $ find . -name build.gradle | xargs grep library.java.guava > ./sdks/java/core/build.gradle: shadowTest library.java.guava_testlib > > ./sdks/java/io/kinesis/build.gradle:

Re: Completeness of Beam Java Dependency Check Report

Good example about Guava deps, let me go a bit deeper. > $ find . -name build.gradle | xargs grep library.java.guava > ./sdks/java/core/build.gradle: shadowTest library.java.guava_testlib > ./sdks/java/io/kinesis/build.gradle: testCompile library.java.guava_testlib Regarding using

Re: Completeness of Beam Java Dependency Check Report

The dependency management tool is back. See the latest report . On Tue, Nov 12, 2019 at 9:51 AM Yifan Zou wrote: > Thanks Tomo. I'll follow up in JIRA. > > On Tue,

Re: Completeness of Beam Java Dependency Check Report

Thanks Tomo. I'll follow up in JIRA. On Tue, Nov 12, 2019 at 9:44 AM Tomo Suzuki wrote: > Yifan, > I created a ticket to track this finding: > https://issues.apache.org/jira/browse/BEAM-8621 . > > > On Mon, Nov 11, 2019 at 5:08 PM Tomo Suzuki wrote: > >> Kenn, >> >> Thank you for the analysis.

Re: Completeness of Beam Java Dependency Check Report

Yifan, I created a ticket to track this finding: https://issues.apache.org/jira/browse/BEAM-8621 . On Mon, Nov 11, 2019 at 5:08 PM Tomo Suzuki wrote: > Kenn, > > Thank you for the analysis. Although Guava was randomly picked up, it's > great learning for me to learn how you analyzed other

Re: Completeness of Beam Java Dependency Check Report

Kenn, Thank you for the analysis. Although Guava was randomly picked up, it's great learning for me to learn how you analyzed other modules using Guava. On Mon, Nov 11, 2019 at 4:29 PM Kenneth Knowles wrote: > BeamModulePlugin just contains lists of versions to ease coordination > across Beam

Re: Completeness of Beam Java Dependency Check Report

BeamModulePlugin just contains lists of versions to ease coordination across Beam modules, but mostly does not create dependencies. Most of Beam's modules only depend on a few things there. For example Guava is not a core dependency, but here is where it is actually depended upon: $ find . -name

Re: Completeness of Beam Java Dependency Check Report

Chamikara and Yifan, Thank you for the responses! Looking forward to hearing the investigation result. In the meantime, I'll explore .test-infra/jenkins/dependency_check directory.

Re: Completeness of Beam Java Dependency Check Report

Hi, Thanks for taking care of Beam dependencies. The guava was tracked in BEAM-5559 . It was filtered out by the tool because of the target version is x.y-jre. On the other hand, I checked the logs of dependency job and found that the high

Re: Completeness of Beam Java Dependency Check Report

On Mon, Nov 11, 2019 at 10:14 AM Tomo Suzuki wrote: > Hi Beam developers, > (I'm thinking to contribute to upgrades of Java dependencies of Beam; I > just read https://beam.apache.org/contribute/dependencies/) > Thanks that will be great. > > As per the weekly report, Apache Beam Java SDK

Completeness of Beam Java Dependency Check Report

Hi Beam developers, (I'm thinking to contribute to upgrades of Java dependencies of Beam; I just read https://beam.apache.org/contribute/dependencies/) As per the weekly report, Apache Beam Java SDK only has 8 outdated dependencies based on the criteria. However, it seems many others are not