You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@iotdb.apache.org by hx...@apache.org on 2020/11/08 14:39:04 UTC
[iotdb] branch master updated: Fix dependencies Convergence for
packaing (#1983)
This is an automated email from the ASF dual-hosted git repository.
hxd pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 766af3b Fix dependencies Convergence for packaing (#1983)
766af3b is described below
commit 766af3bb500d23b0ce412b331c32847459a22176
Author: Xiangdong Huang <hx...@apache.org>
AuthorDate: Sun Nov 8 22:38:52 2020 +0800
Fix dependencies Convergence for packaing (#1983)
* force claim guava version to avoid version conflict in hadoop and spark module
---
hadoop/pom.xml | 13 ++++
hive-connector/pom.xml | 15 ++++
pom.xml | 166 +++++++++++++++++++++---------------------
spark-iotdb-connector/pom.xml | 13 ++++
4 files changed, 124 insertions(+), 83 deletions(-)
diff --git a/hadoop/pom.xml b/hadoop/pom.xml
index df3087c..6b33daa 100644
--- a/hadoop/pom.xml
+++ b/hadoop/pom.xml
@@ -45,6 +45,19 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- many of hadoop dependencies use guava11, but org.apache.curator from hadoop-common uses
+ guava16 -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>21.0</version>
</dependency>
</dependencies>
<build>
diff --git a/hive-connector/pom.xml b/hive-connector/pom.xml
index 77f3124..ae1bd5a 100644
--- a/hive-connector/pom.xml
+++ b/hive-connector/pom.xml
@@ -54,8 +54,19 @@
<groupId>org.apache.hive</groupId>
<artifactId>hive-storage-api</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
</exclusions>
</dependency>
+ <!-- many of hadoop dependencies use guava11, but org.apache.curator from hadoop-common uses
+ guava16 -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>21.0</version>
+ </dependency>
<!-- force upgrade the dependency of hive-serde-->
<dependency>
<groupId>org.apache.orc</groupId>
@@ -77,6 +88,10 @@
<groupId>org.antlr</groupId>
<artifactId>antlr-runtime</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
</exclusions>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 86daaca..cdd086a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -584,6 +584,86 @@
</pluginManagement>
<plugins>
<!--
+ Strange things usually happen if you run with a too low Java version.
+ This plugin not only checks the minimum java version of 1.8, but also
+ checks all dependencies (and transitive dependencies) for reported CVEs.
+ -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>3.0.0-M2</version>
+ <!--$NO-MVN-MAN-VER$-->
+ <executions>
+ <!-- Ensure we're not mixing dependency versions -->
+ <execution>
+ <id>enforce-version-convergence</id>
+ <configuration>
+ <rules>
+ <dependencyConvergence/>
+ </rules>
+ </configuration>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ </execution>
+ <!--
+ Fails the build if classes are included from multiple
+ artifacts and these are not identical.
+ -->
+ <!--execution>
+ <id>enforce-ban-duplicate-classes</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <banDuplicateClasses>
+ <scopes>
+ <scope>compile</scope>
+ <scope>provided</scope>
+ </scopes>
+ <findAllDuplicates>true</findAllDuplicates>
+ <ignoreWhenIdentical>true</ignoreWhenIdentical>
+ </banDuplicateClasses>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution-->
+ <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
+ <execution>
+ <id>vulnerability-checks</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <!-- Just generate warnings for now -->
+ <fail>false</fail>
+ <rules>
+ <requireJavaVersion>
+ <version>1.8.0</version>
+ </requireJavaVersion>
+ <!-- Disabled for now as it breaks the ability to build single modules -->
+ <!--reactorModuleConvergence/-->
+ <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.sonatype.ossindex.maven</groupId>
+ <artifactId>ossindex-maven-enforcer-rules</artifactId>
+ <version>1.0.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>extra-enforcer-rules</artifactId>
+ <version>1.2</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <!--
Even if Maven transitively pulls in dependencies, relying on these can
quite often cause hard to find problems. So it's a good practice to make
sure everything directly required is also directly added as a dependency.
@@ -951,7 +1031,7 @@
</plugins>
</build>
</profile>
- <!-- Make sure the source assembly has the right name (includes "incubating") -->
+ <!-- Make sure the source assembly has the right name -->
<profile>
<id>apache-release</id>
<build>
@@ -973,7 +1053,7 @@
See https://issues.apache.org/jira/browse/MNG-5454 sigh.
-->
<configuration combine.self="append">
- <finalName>apache-iotdb-${project.version}-incubating</finalName>
+ <finalName>apache-iotdb-${project.version}</finalName>
<archive>
<manifest>
<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
@@ -1006,7 +1086,7 @@
<fileSet>
<directory>${project.build.directory}</directory>
<includes>
- <include>apache-iotdb-${project.version}-incubating-source-release.zip</include>
+ <include>apache-iotdb-${project.version}-source-release.zip</include>
</includes>
</fileSet>
</fileSets>
@@ -1014,86 +1094,6 @@
</execution>
</executions>
</plugin>
- <!--
- Strange things usually happen if you run with a too low Java version.
- This plugin not only checks the minimum java version of 1.8, but also
- checks all dependencies (and transitive dependencies) for reported CVEs.
- -->
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-enforcer-plugin</artifactId>
- <version>3.0.0-M2</version>
- <!--$NO-MVN-MAN-VER$-->
- <executions>
- <!-- Ensure we're not mixing dependency versions -->
- <execution>
- <id>enforce-version-convergence</id>
- <configuration>
- <rules>
- <dependencyConvergence/>
- </rules>
- </configuration>
- <goals>
- <goal>enforce</goal>
- </goals>
- </execution>
- <!--
- Fails the build if classes are included from multiple
- artifacts and these are not identical.
- -->
- <!--execution>
- <id>enforce-ban-duplicate-classes</id>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <rules>
- <banDuplicateClasses>
- <scopes>
- <scope>compile</scope>
- <scope>provided</scope>
- </scopes>
- <findAllDuplicates>true</findAllDuplicates>
- <ignoreWhenIdentical>true</ignoreWhenIdentical>
- </banDuplicateClasses>
- </rules>
- <fail>true</fail>
- </configuration>
- </execution-->
- <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
- <execution>
- <id>vulnerability-checks</id>
- <phase>validate</phase>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <!-- Just generate warnings for now -->
- <fail>false</fail>
- <rules>
- <requireJavaVersion>
- <version>1.8.0</version>
- </requireJavaVersion>
- <!-- Disabled for now as it breaks the ability to build single modules -->
- <!--reactorModuleConvergence/-->
- <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
- </rules>
- </configuration>
- </execution>
- </executions>
- <dependencies>
- <dependency>
- <groupId>org.sonatype.ossindex.maven</groupId>
- <artifactId>ossindex-maven-enforcer-rules</artifactId>
- <version>1.0.0</version>
- </dependency>
- <dependency>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>extra-enforcer-rules</artifactId>
- <version>1.2</version>
- </dependency>
- </dependencies>
- </plugin>
</plugins>
</build>
</profile>
diff --git a/spark-iotdb-connector/pom.xml b/spark-iotdb-connector/pom.xml
index b0700d5..2b0600c 100644
--- a/spark-iotdb-connector/pom.xml
+++ b/spark-iotdb-connector/pom.xml
@@ -60,6 +60,19 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-client</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- many of hadoop dependencies use guava11, but org.apache.curator from hadoop-common uses
+ guava16 -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>21.0</version>
</dependency>
<dependency>
<groupId>org.apache.spark</groupId>