You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@iceberg.apache.org by GitBox <gi...@apache.org> on 2019/06/28 22:02:54 UTC

[GitHub] [incubator-iceberg] dansanduleac commented on a change in pull request #241: Use gradle-consistent-versions to manage dependencies

dansanduleac commented on a change in pull request #241: Use gradle-consistent-versions to manage dependencies
URL: https://github.com/apache/incubator-iceberg/pull/241#discussion_r298761003
 
 

 ##########
 File path: versions.props
 ##########
 @@ -0,0 +1,23 @@
+org.slf4j:slf4j-api = 1.7.5
+com.google.guava:guava = 28.0-jre
+org.apache.avro:avro = 1.8.2
+org.apache.hadoop:* = 2.7.3
+org.apache.hive:hive-standalone-metastore = 1.2.1
+org.apache.orc:orc-core = 1.5.5
+org.apache.parquet:parquet-avro = 1.10.0
+org.apache.spark:spark-hive_2.11 = 2.4.0
+org.apache.pig:pig = 0.14.0
+com.fasterxml.jackson.core:jackson-core = 2.7.9
 
 Review comment:
   Nice spot!
   Worth nothing that in GCV land, these lines don't "fix" the version but instead provide a required constraint, rather than a force, meaning gradle can choose a higher version if other constraints come into play, so all constraints, even from transitives, are always respected. 
   However, since they are independent lines, the individual jackson modules might still end up with different versions later on as you upgrade other dependencies.
   
   If you want to ensure all jackson modules use the same version, you should use a star-matcher here:
   ```
   com.fasterxml.jackson.*:* = 2.7.9
   ```
   
   Under the scenes, this creates a virtual platform that ensures all jackson modules' versions align to the highest version, whatever that ends up being.
   
   This way, if some transitive ends up requiring jackson-core:2.9.8 for instance, then _all_ jackson versions end up being bumped to 2.9.8, thus ensuring they've been tested with each other.
   
   Check out gradle's [example of using virtual platforms](https://docs.gradle.org/current/userguide/managing_transitive_dependencies.html#aligning_versions_of_modules_not_published_with_gradle) which deals with exactly this problem.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org