You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/12/14 06:51:16 UTC
[GitHub] [pulsar] lhotari opened a new issue, #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
lhotari opened a new issue, #18920:
URL: https://github.com/apache/pulsar/issues/18920
### Search before asking
- [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar.
### Version
master, 5dcc9b0c3b07b88c4b744a0b5fbf3f59331f803d
### Minimal reproduce step
Run `mvn -pl pulsar-io/kafka dependency:tree`
```
[INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ pulsar-io-kafka ---
[INFO] org.apache.pulsar:pulsar-io-kafka:jar:2.12.0-SNAPSHOT
[INFO] +- org.apache.pulsar:pulsar-io-core:jar:2.12.0-SNAPSHOT:provided
[INFO] +- org.apache.pulsar:pulsar-client-original:jar:2.12.0-SNAPSHOT:compile
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4.2:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.4:compile
[INFO] | \- com.fasterxml.jackson.core:jackson-core:jar:2.13.4:compile
[INFO] +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.13.4:compile
[INFO] | \- org.yaml:snakeyaml:jar:1.32:compile
[INFO] +- com.google.guava:guava:jar:31.0.1-jre:compile
[INFO] | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] | +- org.checkerframework:checker-qual:jar:3.12.0:compile
[INFO] | +- com.google.errorprone:error_prone_annotations:jar:2.5.1:compile
[INFO] | \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.7.2:compile
[INFO] | +- com.github.luben:zstd-jni:jar:1.5.2-3:compile
[INFO] | +- org.lz4:lz4-java:jar:1.7.1:compile
[INFO] | +- org.xerial.snappy:snappy-java:jar:1.1.8.4:compile
[INFO] | \- org.slf4j:slf4j-api:jar:1.7.32:compile
[INFO] +- io.confluent:kafka-schema-registry:jar:5.3.0:compile
[INFO] | +- io.confluent:kafka-schema-registry-client:jar:5.3.0:compile
[INFO] | +- org.apache.kafka:kafka_2.12:jar:5.3.0-ccs:compile
[INFO] | | +- com.fasterxml.jackson.module:jackson-module-scala_2.12:jar:2.13.4:compile
[INFO] | | +- com.fasterxml.jackson.dataformat:jackson-dataformat-csv:jar:2.13.4:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.13.4:compile
[INFO] | | +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:compile
[INFO] | | +- com.yammer.metrics:metrics-core:jar:2.2.0:compile
[INFO] | | +- org.scala-lang:scala-library:jar:2.12.8:compile
[INFO] | | +- org.scala-lang:scala-reflect:jar:2.12.8:compile
[INFO] | | +- com.typesafe.scala-logging:scala-logging_2.12:jar:3.9.0:compile
[INFO] | | +- com.101tec:zkclient:jar:0.11:compile
[INFO] | | \- org.apache.zookeeper:zookeeper:jar:3.8.0:compile
[INFO] | | +- org.apache.zookeeper:zookeeper-jute:jar:3.8.0:compile
[INFO] | | +- org.apache.yetus:audience-annotations:jar:0.12.0:compile
[INFO] | | \- io.netty:netty-transport-native-epoll:jar:4.1.86.Final:compile
[INFO] | +- io.confluent:common-config:jar:5.3.0:compile
[INFO] | +- io.confluent:common-utils:jar:5.3.0:compile
[INFO] | +- org.glassfish.jersey.ext:jersey-bean-validation:jar:2.34:compile
[INFO] | | +- org.glassfish.hk2.external:jakarta.inject:jar:2.6.1:compile
[INFO] | | +- org.glassfish.jersey.core:jersey-common:jar:2.34:compile
[INFO] | | | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | | | \- org.glassfish.hk2:osgi-resource-locator:jar:1.0.3:compile
[INFO] | | +- org.glassfish.jersey.core:jersey-server:jar:2.34:compile
[INFO] | | | \- org.glassfish.jersey.core:jersey-client:jar:2.34:compile
[INFO] | | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | | +- org.hibernate.validator:hibernate-validator:jar:6.1.2.Final:compile
[INFO] | | | +- org.jboss.logging:jboss-logging:jar:3.3.2.Final:compile
[INFO] | | | \- com.fasterxml:classmate:jar:1.3.4:compile
[INFO] | | +- jakarta.el:jakarta.el-api:jar:3.0.3:compile
[INFO] | | +- org.glassfish:jakarta.el:jar:3.0.4:compile
[INFO] | | \- jakarta.ws.rs:jakarta.ws.rs-api:jar:2.1.6:compile
[INFO] | +- io.confluent:rest-utils:jar:5.3.0:compile
[INFO] | | +- org.eclipse.jetty.websocket:javax-websocket-server-impl:jar:9.4.48.v20220622:compile
[INFO] | | | +- org.eclipse.jetty:jetty-annotations:jar:9.4.48.v20220622:compile
[INFO] | | | | +- org.eclipse.jetty:jetty-plus:jar:9.4.48.v20220622:compile
[INFO] | | | | | \- org.eclipse.jetty:jetty-jndi:jar:9.4.48.v20220622:compile
[INFO] | | | | +- org.eclipse.jetty:jetty-webapp:jar:9.4.48.v20220622:compile
[INFO] | | | | | \- org.eclipse.jetty:jetty-xml:jar:9.4.48.v20220622:compile
[INFO] | | | | +- org.ow2.asm:asm:jar:9.3:compile
[INFO] | | | | \- org.ow2.asm:asm-commons:jar:9.3:compile
[INFO] | | | | +- org.ow2.asm:asm-tree:jar:9.3:compile
[INFO] | | | | \- org.ow2.asm:asm-analysis:jar:9.3:compile
[INFO] | | | +- org.eclipse.jetty.websocket:javax-websocket-client-impl:jar:9.4.48.v20220622:compile
[INFO] | | | | +- org.eclipse.jetty.websocket:websocket-client:jar:9.4.48.v20220622:compile
[INFO] | | | | | \- org.eclipse.jetty:jetty-client:jar:9.4.48.v20220622:compile
[INFO] | | | | \- javax.websocket:javax.websocket-client-api:jar:1.0:compile
[INFO] | | | +- org.eclipse.jetty.websocket:websocket-server:jar:9.4.48.v20220622:compile
[INFO] | | | | +- org.eclipse.jetty.websocket:websocket-common:jar:9.4.48.v20220622:compile
[INFO] | | | | | \- org.eclipse.jetty.websocket:websocket-api:jar:9.4.48.v20220622:compile
[INFO] | | | | \- org.eclipse.jetty.websocket:websocket-servlet:jar:9.4.48.v20220622:compile
[INFO] | | | \- javax.websocket:javax.websocket-api:jar:1.0:compile
[INFO] | | +- io.confluent:common-metrics:jar:5.3.0:compile
[INFO] | | +- org.glassfish.jersey.containers:jersey-container-servlet:jar:2.34:compile
[INFO] | | | \- org.glassfish.jersey.containers:jersey-container-servlet-core:jar:2.34:compile
[INFO] | | +- org.glassfish.jersey.inject:jersey-hk2:jar:2.34:compile
[INFO] | | | +- org.glassfish.hk2:hk2-locator:jar:2.6.1:compile
[INFO] | | | | +- org.glassfish.hk2.external:aopalliance-repackaged:jar:2.6.1:compile
[INFO] | | | | +- org.glassfish.hk2:hk2-api:jar:2.6.1:compile
[INFO] | | | | \- org.glassfish.hk2:hk2-utils:jar:2.6.1:compile
[INFO] | | | \- org.javassist:javassist:jar:3.25.0-GA:compile
[INFO] | | +- javax.xml.bind:jaxb-api:jar:2.3.1:compile
[INFO] | | | \- javax.activation:javax.activation-api:jar:1.2.0:compile
[INFO] | | +- javax.activation:activation:jar:1.1.1:compile
[INFO] | | +- org.eclipse.jetty:jetty-jmx:jar:9.4.48.v20220622:compile
[INFO] | | | \- org.eclipse.jetty:jetty-util:jar:9.4.48.v20220622:compile
[INFO] | | +- org.eclipse.jetty:jetty-server:jar:9.4.48.v20220622:compile
[INFO] | | | +- javax.servlet:javax.servlet-api:jar:3.1.0:compile
[INFO] | | | +- org.eclipse.jetty:jetty-http:jar:9.4.48.v20220622:compile
[INFO] | | | \- org.eclipse.jetty:jetty-io:jar:9.4.48.v20220622:compile
[INFO] | | +- org.eclipse.jetty:jetty-servlet:jar:9.4.48.v20220622:compile
[INFO] | | | +- org.eclipse.jetty:jetty-security:jar:9.4.48.v20220622:compile
[INFO] | | | \- org.eclipse.jetty:jetty-util-ajax:jar:9.4.48.v20220622:compile
[INFO] | | +- org.eclipse.jetty:jetty-servlets:jar:9.4.48.v20220622:compile
[INFO] | | | \- org.eclipse.jetty:jetty-continuation:jar:9.4.48.v20220622:compile
[INFO] | | +- org.eclipse.jetty:jetty-jaas:jar:9.4.48.v20220622:compile
[INFO] | | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.13.4:compile
[INFO] | | | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.13.4:compile
[INFO] | | | +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:compile
[INFO] | | | \- jakarta.activation:jakarta.activation-api:jar:1.2.2:compile
[INFO] | | \- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.13.4:compile
[INFO] | \- org.apache.avro:avro:jar:1.8.1:compile
[INFO] | +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] | +- com.thoughtworks.paranamer:paranamer:jar:2.7:compile
[INFO] | +- org.apache.commons:commons-compress:jar:1.21:compile
[INFO] | \- org.tukaani:xz:jar:1.5:compile
[INFO] +- io.confluent:kafka-avro-serializer:jar:5.3.0:compile
[INFO] +- io.jsonwebtoken:jjwt-impl:jar:0.11.1:compile
[INFO] | \- io.jsonwebtoken:jjwt-api:jar:0.11.1:compile
[INFO] +- io.jsonwebtoken:jjwt-jackson:jar:0.11.1:compile
[INFO] +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] +- org.apache.pulsar:buildtools:jar:2.12.0-SNAPSHOT:test
[INFO] +- org.testng:testng:jar:7.6.1:test
[INFO] | +- com.beust:jcommander:jar:1.82:test
[INFO] | \- org.webjars:jquery:jar:3.6.0:test
[INFO] +- org.mockito:mockito-core:jar:3.12.4:test
[INFO] | +- net.bytebuddy:byte-buddy:jar:1.11.13:test
[INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.11.13:test
[INFO] | \- org.objenesis:objenesis:jar:3.1:test
[INFO] +- org.mockito:mockito-inline:jar:3.12.4:test
[INFO] +- com.github.stefanbirkner:system-lambda:jar:1.2.1:test
[INFO] +- org.assertj:assertj-core:jar:3.18.1:test
[INFO] +- org.projectlombok:lombok:jar:1.18.24:provided
[INFO] +- javax.annotation:javax.annotation-api:jar:1.3.2:provided
[INFO] \- org.apache.bookkeeper:bookkeeper-server:jar:tests:4.15.3:test
[INFO] +- org.apache.bookkeeper:bookkeeper-common:jar:4.15.3:test
[INFO] | +- org.apache.bookkeeper.stats:bookkeeper-stats-api:jar:4.15.3:test
[INFO] | +- org.apache.bookkeeper:cpu-affinity:jar:4.15.3:test
[INFO] | +- io.netty:netty-common:jar:4.1.86.Final:compile
[INFO] | \- org.jctools:jctools-core:jar:2.1.2:test
[INFO] +- org.apache.bookkeeper:bookkeeper-common-allocator:jar:4.15.3:test
[INFO] | \- io.netty:netty-buffer:jar:4.1.86.Final:compile
[INFO] +- org.apache.bookkeeper:bookkeeper-proto:jar:4.15.3:test
[INFO] | \- com.google.protobuf:protobuf-java:jar:3.19.6:test
[INFO] +- org.apache.bookkeeper:bookkeeper-tools-framework:jar:4.15.3:test
[INFO] +- org.rocksdb:rocksdbjni:jar:6.29.4.1:test
[INFO] +- io.netty:netty-handler:jar:4.1.86.Final:compile
[INFO] | +- io.netty:netty-resolver:jar:4.1.86.Final:compile
[INFO] | +- io.netty:netty-transport:jar:4.1.86.Final:compile
[INFO] | +- io.netty:netty-transport-native-unix-common:jar:4.1.86.Final:compile
[INFO] | \- io.netty:netty-codec:jar:4.1.86.Final:compile
[INFO] +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.86.Final:test
[INFO] | \- io.netty:netty-transport-classes-epoll:jar:4.1.86.Final:compile
[INFO] +- io.netty:netty-tcnative-boringssl-static:jar:2.0.54.Final:test
[INFO] | +- io.netty:netty-tcnative-classes:jar:2.0.54.Final:test
[INFO] | +- io.netty:netty-tcnative-boringssl-static:jar:linux-x86_64:2.0.54.Final:test
[INFO] | +- io.netty:netty-tcnative-boringssl-static:jar:linux-aarch_64:2.0.54.Final:test
[INFO] | +- io.netty:netty-tcnative-boringssl-static:jar:osx-x86_64:2.0.54.Final:test
[INFO] | +- io.netty:netty-tcnative-boringssl-static:jar:osx-aarch_64:2.0.54.Final:test
[INFO] | \- io.netty:netty-tcnative-boringssl-static:jar:windows-x86_64:2.0.54.Final:test
[INFO] +- org.apache.bookkeeper.http:http-server:jar:4.15.3:test
[INFO] +- org.apache.bookkeeper:circe-checksum:jar:4.15.3:test
[INFO] +- commons-cli:commons-cli:jar:1.5.0:test
[INFO] +- commons-codec:commons-codec:jar:1.15:test
[INFO] +- commons-io:commons-io:jar:2.8.0:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.11:test
[INFO] +- org.apache.commons:commons-collections4:jar:4.4:test
[INFO] +- net.java.dev.jna:jna:jar:5.12.1:test
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.13:test
[INFO] | +- org.apache.httpcomponents:httpcore:jar:4.4.15:test
[INFO] | \- commons-logging:commons-logging:jar:1.2:test
[INFO] +- io.reactivex.rxjava3:rxjava:jar:3.0.1:test
[INFO] | \- org.reactivestreams:reactive-streams:jar:1.0.3:test
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.18.0:test
[INFO] | \- org.apache.logging.log4j:log4j-api:jar:2.18.0:test
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.18.0:test
[INFO] \- commons-configuration:commons-configuration:jar:1.10:test
[INFO] \- commons-lang:commons-lang:jar:2.6:test
```
### What did you expect to see?
The Pulsar code base should only depend on licenses that are compatible with ASL 2.0 license.
### What did you see instead?
[The license for io.confluent:kafka-schema-registry is Confluent Community License Agreement 1.0](https://github.com/confluentinc/schema-registry/tree/v5.3.0#license) .
### Anything else?
It looks like the dependency configuration is invalid. The schema registry client `io.confluent:kafka-schema-registry-client` is ASL 2.0 . Perhaps the code in Pulsar would only need that dependency?
### Are you willing to submit a PR?
- [ ] I'm willing to submit a PR!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nicoloboschi commented on issue #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
Posted by GitBox <gi...@apache.org>.
nicoloboschi commented on issue #18920:
URL: https://github.com/apache/pulsar/issues/18920#issuecomment-1350503853
We need to fix it
I tried the upgrade a couple of weeks ago https://github.com/apache/pulsar/pull/18021 but I need to investigate the errors
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on issue #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
Posted by GitBox <gi...@apache.org>.
lhotari commented on issue #18920:
URL: https://github.com/apache/pulsar/issues/18920#issuecomment-1350506943
> I tried the upgrade a couple of weeks ago #18021 but I need to investigate the errors
perhaps mixing Scala 2.12 and 2.13 caused the problems?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on issue #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
Posted by GitBox <gi...@apache.org>.
lhotari commented on issue #18920:
URL: https://github.com/apache/pulsar/issues/18920#issuecomment-1350505137
It looks like #9448 added the `io.confluent:kafka-schema-registry` dependency. @eolivelli I guess the fix would be to use `io.confluent:kafka-schema-registry-client` dependency and upgrade it to latest version 7.x ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nicoloboschi closed issue #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
Posted by GitBox <gi...@apache.org>.
nicoloboschi closed issue #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
URL: https://github.com/apache/pulsar/issues/18920
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] lhotari commented on issue #18920: [Bug] org.apache.pulsar:pulsar-io-kafka depends on io.confluent:kafka-schema-registry which has incompatible license
Posted by GitBox <gi...@apache.org>.
lhotari commented on issue #18920:
URL: https://github.com/apache/pulsar/issues/18920#issuecomment-1350499750
Another problem that this old dependency causes is the mix of Scala 2.12 and Scala 2.13 libraries. Upgrading Scala 2.13 dependencies to 2.13.9 or newer (2.13.10 is most recent) is needed to address CVE-2022-36944 . /cc @nicoloboschi
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org