[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16805865#comment-16805865 ] stack commented on HBASE-22130: --- Patch improvements look good to me. Let me push. Will roll an RC for 2.2.0. > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Assignee: stack >Priority: Major > Attachments: > 0001-HBASE-22130-hbase-thirdparty-Upgrade-thirdparty-depe.patch, > HBASE-22130.patch > > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16805683#comment-16805683 ] Guanghao Zhang commented on HBASE-22130: +1 to upgrade hbase-thridparty for 2.2.0. > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Assignee: stack >Priority: Major > Attachments: > 0001-HBASE-22130-hbase-thirdparty-Upgrade-thirdparty-depe.patch, > HBASE-22130.patch > > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16805581#comment-16805581 ] Duo Zhang commented on HBASE-22130: --- [~stack] PTAL sir. Thanks. > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Assignee: stack >Priority: Major > Attachments: > 0001-HBASE-22130-hbase-thirdparty-Upgrade-thirdparty-depe.patch, > HBASE-22130.patch > > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16805574#comment-16805574 ] Duo Zhang commented on HBASE-22130: --- [~stack] I think we'd better exclude several transitive dependencies from guava, as we did before. Let me polish the patch~ > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Assignee: stack >Priority: Major > Attachments: > 0001-HBASE-22130-hbase-thirdparty-Upgrade-thirdparty-depe.patch > > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16805237#comment-16805237 ] stack commented on HBASE-22130: --- .0001 Updates: gson 2.8.1 -> 2.8.5 guava 22.0 -> 27.1-jre pb 3.5.1 -> 3.7.0 netty 4.1.17 -> 4.1.34 commons-collections4 4.1 -> 4.3 Updated apache parent pom from 18 to 21 and misc plugins. Next would be putting up an RC. > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Assignee: kevin su >Priority: Major > Attachments: > 0001-HBASE-22130-hbase-thirdparty-Upgrade-thirdparty-depe.patch > > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16805231#comment-16805231 ] stack commented on HBASE-22130: --- The last release was a year ago. Could we get a release of hbase-thirdparty done for 2.2.0? ([~zghaobac] -- what you think?) Could update some of these mvn plugins in the poms. No harm in pb update. Seems to be just bug fixes... not much done in java. Yeah on netty... from 4.1.17 to 4.1.34 Let me put up a patch > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Assignee: kevin su >Priority: Major > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (HBASE-22130) [hbase-thirdparty] Upgrade thirdparty dependencies
[ https://issues.apache.org/jira/browse/HBASE-22130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16804947#comment-16804947 ] Duo Zhang commented on HBASE-22130: --- I think we can upgrade netty to the newest 4.1.x. And do we need to upgrade protobuf? It seems that the newest version is 3.7.0 now. > [hbase-thirdparty] Upgrade thirdparty dependencies > -- > > Key: HBASE-22130 > URL: https://issues.apache.org/jira/browse/HBASE-22130 > Project: HBase > Issue Type: Task > Components: thirdparty >Reporter: Duo Zhang >Priority: Major > > First guava has a CVE so we need to upgrade to at least 26.0, better to the > newest 27.1. > And we can also upgrade the other dependencies to the newest version at the > same time. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
