Posted to commits@phoenix.apache.org by st...@apache.org on 2024/01/17 07:14:16 UTC
(phoenix) branch master updated: PHOENIX-7181 Do not declare commons-configuration2 dependency
This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix.git
The following commit(s) were added to refs/heads/master by this push:
new 3492933940 PHOENIX-7181 Do not declare commons-configuration2 dependency
3492933940 is described below
commit 3492933940807737f08ef778469db9fa84b281d0
Author: Istvan Toth <st...@apache.org>
AuthorDate: Mon Jan 15 15:39:03 2024 +0100
PHOENIX-7181 Do not declare commons-configuration2 dependency
also remove redundant commons-configuration2 from phoenix-mapreduce-byo-shaded-hbase
---
phoenix-core-client/pom.xml | 4 ----
phoenix-core/pom.xml | 5 -----
phoenix-mapreduce-byo-shaded-hbase/pom.xml | 9 +++++++++
pom.xml | 13 +++++++------
4 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/phoenix-core-client/pom.xml b/phoenix-core-client/pom.xml
index 1d886b3bae..ba02beaa33 100644
--- a/phoenix-core-client/pom.xml
+++ b/phoenix-core-client/pom.xml
@@ -394,10 +394,6 @@
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-configuration2</artifactId>
- </dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
diff --git a/phoenix-core/pom.xml b/phoenix-core/pom.xml
index 85f95b5bf3..704bb5d55e 100644
--- a/phoenix-core/pom.xml
+++ b/phoenix-core/pom.xml
@@ -349,11 +349,6 @@
<artifactId>phoenix-shaded-commons-cli</artifactId>
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-configuration2</artifactId>
- <scope>test</scope>
- </dependency>
<dependency>
<groupId>com.github.stephenc.findbugs</groupId>
<artifactId>findbugs-annotations</artifactId>
diff --git a/phoenix-mapreduce-byo-shaded-hbase/pom.xml b/phoenix-mapreduce-byo-shaded-hbase/pom.xml
index 7cf6a98ea8..d9ccfd30c9 100644
--- a/phoenix-mapreduce-byo-shaded-hbase/pom.xml
+++ b/phoenix-mapreduce-byo-shaded-hbase/pom.xml
@@ -574,6 +574,15 @@
<version>4.0.0</version>
<scope>provided</scope>
</dependency>
+ <dependency>
+ <!-- provided by Hadoop -->
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-configuration2</artifactId>
+ <!-- random version, for exclusion only -->
+ <version>2.1.1</version>
+ <scope>provided</scope>
+ </dependency>
+
<!-- Other dependencies we don't want to shade in, but are not transitively excluded by the
above for some reason -->
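Review bot: The literal `<version>2.1.1</version>` in the added `commons-configuration2` block is explained only as "random version, for exclusion only", so a reader, or a dependency scanner that reads the POM, cannot tell that this is not the version that ships. Since the commit's stated aim is to pick up the CVE-fixed version from Hadoop, the comment should say why the pin is harmless, e.g. `<!-- placeholder version: provided scope keeps this out of the shaded jar; the runtime copy comes from Hadoop -->`. A direct declaration normally takes precedence over a transitive one in Maven, so this module presumably still resolves 2.1.1 on its own compile classpath. It is worth verifying that the shaded jar contains no `org/apache/commons/configuration2` classes. The enclosing `<dependencies>` list starts and ends outside the hunk.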
diff --git a/pom.xml b/pom.xml
index 807baa4002..7c598fb80c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -116,7 +116,6 @@
<commons-csv.version>1.0</commons-csv.version>
<commons-compress.version>1.21</commons-compress.version>
<sqlline.version>1.9.0</sqlline.version>
- <commons-configuration2.version>2.1.1</commons-configuration2.version>
<jcip-annotations.version>1.0-1</jcip-annotations.version>
<jsr305.version>2.0.1</jsr305.version>
<snappy.version>0.3</snappy.version>
@@ -445,6 +444,13 @@
<!-- These change too frequently, so we just rely on the hbase transitive deps -->
org.apache.hbase.thirdparty:*
</ignoredUsedUndeclaredDependency>
+ <ignoredUsedUndeclaredDependency>
+ <!-- We only need this because the Hadoop Metrics API leak.
+ By not declaring the dependency, we can pick up the CVE fixed version from Hadoop
+ without having to also declare a dependency on commons-text dependency
+ (which we do not use directly at all)-->
+ org.apache.commons:commons-configuration2
+ </ignoredUsedUndeclaredDependency>
</ignoredUsedUndeclaredDependencies>
</configuration>
<executions>
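Review bot: With the dependency no longer declared or managed, nothing in the build asserts that the commons-configuration2 version inherited from Hadoop is the CVE-fixed one. The comment in the new `ignoredUsedUndeclaredDependency` entry states the intent, but a build against an older Hadoop version would presumably resolve an older release without any warning. Consider a maven-enforcer `bannedDependencies` rule that excludes `org.apache.commons:commons-configuration2` below `<FIXED_VERSION>` (a placeholder, because the page does not state the fixed version). The comment would also read more clearly as `We only need this because the Hadoop Metrics API leaks it`, and "dependency on commons-text dependency" repeats a word. The plugin configuration that holds this entry starts and ends outside the hunk.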
@@ -1518,11 +1524,6 @@
<artifactId>commons-lang3</artifactId>
<version>${commons-lang.version}</version>
</dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-configuration2</artifactId>
- <version>${commons-configuration2.version}</version>
- </dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>