You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by hx...@apache.org on 2020/11/08 14:42:15 UTC
[iotdb] branch rel/0.11 updated: merge with dependencies Convergence
This is an automated email from the ASF dual-hosted git repository.
hxd pushed a commit to branch rel/0.11
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/rel/0.11 by this push:
new 3a69055 merge with dependencies Convergence
3a69055 is described below
commit 3a69055a0561ee5b9d52838bd058bbdb3dbab37d
Author: Xiangdong Huang <hx...@apache.org>
AuthorDate: Sun Nov 8 22:38:52 2020 +0800
merge with dependencies Convergence
---
hadoop/pom.xml | 2 +-
hive-connector/pom.xml | 15 ++++
pom.xml | 160 +++++++++++++++++++++---------------------
spark-iotdb-connector/pom.xml | 13 ++++
4 files changed, 109 insertions(+), 81 deletions(-)
diff --git a/hadoop/pom.xml b/hadoop/pom.xml
index f6227d1..6b33daa 100644
--- a/hadoop/pom.xml
+++ b/hadoop/pom.xml
@@ -57,7 +57,7 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>16.0.1</version>
+ <version>21.0</version>
</dependency>
</dependencies>
<build>
diff --git a/hive-connector/pom.xml b/hive-connector/pom.xml
index 77f3124..ae1bd5a 100644
--- a/hive-connector/pom.xml
+++ b/hive-connector/pom.xml
@@ -54,8 +54,19 @@
<groupId>org.apache.hive</groupId>
<artifactId>hive-storage-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!-- many of hadoop dependencies use guava11, but org.apache.curator from hadoop-common uses
+ guava16 -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>21.0</version>
+ </dependency>
<!-- force upgrade the dependency of hive-serde-->
<dependency>
<groupId>org.apache.orc</groupId>
@@ -77,6 +88,10 @@
<groupId>org.antlr</groupId>
<artifactId>antlr-runtime</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
</exclusions>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 1505e0f..cdd086a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -584,6 +584,86 @@
</pluginManagement>
<plugins>
<!--
+ Strange things usually happen if you run with a too low Java version.
+ This plugin not only checks the minimum java version of 1.8, but also
+ checks all dependencies (and transitive dependencies) for reported CVEs.
+ -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0-M2</version>
+ <!--$NO-MVN-MAN-VER$-->
+ <executions>
+ <!-- Ensure we're not mixing dependency versions -->
+ <execution>
+ <id>enforce-version-convergence</id>
+ <configuration>
+ <rules>
+ <dependencyConvergence/>
+ </rules>
+ </configuration>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ </execution>
+ <!--
+ Fails the build if classes are included from multiple
+ artifacts and these are not identical.
+ -->
+ <!--execution>
+ <id>enforce-ban-duplicate-classes</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <banDuplicateClasses>
+ <scopes>
+ <scope>compile</scope>
+ <scope>provided</scope>
+ </scopes>
+ <findAllDuplicates>true</findAllDuplicates>
+ <ignoreWhenIdentical>true</ignoreWhenIdentical>
+ </banDuplicateClasses>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution-->
+ <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
+ <execution>
+ <id>vulnerability-checks</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <!-- Just generate warnings for now -->
+ <fail>false</fail>
+ <rules>
+ <requireJavaVersion>
+ <version>1.8.0</version>
+ </requireJavaVersion>
+ <!-- Disabled for now as it breaks the ability to build single modules -->
+ <!--reactorModuleConvergence/-->
+ <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.sonatype.ossindex.maven</groupId>
+ <artifactId>ossindex-maven-enforcer-rules</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>extra-enforcer-rules</artifactId>
+ <version>1.2</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <!--
Even if Maven transitively pulls in dependencies, relying on these can
quite often cause hard to find problems. So it's a good practice to make
sure everything directly required is also directly added as a dependency.
@@ -1014,86 +1094,6 @@
</execution>
</executions>
</plugin>
- <!--
- Strange things usually happen if you run with a too low Java version.
- This plugin not only checks the minimum java version of 1.8, but also
- checks all dependencies (and transitive dependencies) for reported CVEs.
- -->
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-enforcer-plugin</artifactId>
- <version>3.0.0-M2</version>
- <!--$NO-MVN-MAN-VER$-->
- <executions>
- <!-- Ensure we're not mixing dependency versions -->
- <execution>
- <id>enforce-version-convergence</id>
- <configuration>
- <rules>
- <dependencyConvergence/>
- </rules>
- </configuration>
- <goals>
- <goal>enforce</goal>
- </goals>
- </execution>
- <!--
- Fails the build if classes are included from multiple
- artifacts and these are not identical.
- -->
- <!--execution>
- <id>enforce-ban-duplicate-classes</id>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <rules>
- <banDuplicateClasses>
- <scopes>
- <scope>compile</scope>
- <scope>provided</scope>
- </scopes>
- <findAllDuplicates>true</findAllDuplicates>
- <ignoreWhenIdentical>true</ignoreWhenIdentical>
- </banDuplicateClasses>
- </rules>
- <fail>true</fail>
- </configuration>
- </execution-->
- <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
- <execution>
- <id>vulnerability-checks</id>
- <phase>validate</phase>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <!-- Just generate warnings for now -->
- <fail>false</fail>
- <rules>
- <requireJavaVersion>
- <version>1.8.0</version>
- </requireJavaVersion>
- <!-- Disabled for now as it breaks the ability to build single modules -->
- <!--reactorModuleConvergence/-->
- <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
- </rules>
- </configuration>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.sonatype.ossindex.maven</groupId>
- <artifactId>ossindex-maven-enforcer-rules</artifactId>
- <version>1.0.0</version>
- </dependency>
- <dependency>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>extra-enforcer-rules</artifactId>
- <version>1.2</version>
- </dependency>
- </dependencies>
- </plugin>
</plugins>
</build>
</profile>
diff --git a/spark-iotdb-connector/pom.xml b/spark-iotdb-connector/pom.xml
index b0700d5..2b0600c 100644
--- a/spark-iotdb-connector/pom.xml
+++ b/spark-iotdb-connector/pom.xml
@@ -60,6 +60,19 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- many of hadoop dependencies use guava11, but org.apache.curator from hadoop-common uses
+ guava16 -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>21.0</version>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>