KAFKA-3227; Conservative update of Kafka dependencies #903
ijuma wants to merge 5 commits into apache:trunk
…ermock
* Snappy: fixes a resource leak
* MiniKDC: bumps commons-collections version to 3.2.2 to address a security flaw
* Bouncy castle: security fixes
Most relevant improvement is improved IDE integration.
| slf4j: "1.7.15", | ||
| snappy: "1.1.2.1", | ||
| zkclient: "0.7", | ||
| zookeeper: "3.4.6", |
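Review bot: the zookeeper: "3.4.6" line stays on its old version while the PR description lists slf4j and snappy, right above it, among the patch bumps, and nothing on the line says the hold-back is deliberate. A short comment next to the entry recording why it is pinned at 3.4.6 would stop a later dependency sweep from bumping it without checking.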
Should Zookeeper bump to 3.4.7?
No, 3.4.7 was pulled due to a deadlock.
|
@ijuma Thanks for keeping the dependencies up to date. I check for dependency updates for my gradle projects (and checked this patch) with the below addition to my gradle file. Think that would be useful to add in a patch? If not, it's useful to copy & paste when reviewing dependencies.

    buildscript {
      repositories {
        jcenter()
        mavenCentral()
      }
      dependencies {
        classpath 'com.github.ben-manes:gradle-versions-plugin:0.12.0'
      }
    }
    subprojects {
      apply plugin: 'com.github.ben-manes.versions'
      dependencyUpdates {
        revision = "release"
        resolutionStrategy = {
          componentSelection { rules ->
            rules.all { ComponentSelection selection ->
              // Reject candidates whose version carries a pre-release qualifier
              boolean rejected = ['snap', 'alpha', 'beta', 'rc', 'cr', 'm'].any { qualifier ->
                selection.candidate.version ==~ /(?i).*[.-]${qualifier}[.\d-]*/
              }
              if (rejected) {
                selection.reject('Release candidate')
              }
            }
          }
        }
      }
    }

    gradle dependencyUpdates
|
Thanks for the review @granthenke. I used something similar to your example to check the updates myself (although yours includes an additional rule that looks useful). I would personally find it useful if that was included in the Kafka build. |
|
@ijuma Looking at the dependencies output I think commons-collections 3.2.1 is still pulled in transitively. Looks like the Hadoop update didn't fix miniKdc. |
|
@granthenke It looks like the hadoop project updated its commons-collections dependency to 3.2.2[1], but MiniKDC actually has no direct dependency on commons-collections, just a transitive one. So that commit didn't fix the issue in the end. Seems like we need #564 after all. |
|
@ijuma I can re-open it if you like. It's not a huge deal since it's a test dependency. This patch LGTM. |
|
Up to you @granthenke, I think rat also seems to have a dependency on commons-collections. And thanks for the review! |
|
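One way to see which parents still drag in an old commons-collections, as discussed in the comments above (an added example, not part of the original thread or the Kafka build): it parses the text tree printed by `gradle dependencies` and reports every path whose resolved version is below 3.2.2. The `org.example` coordinates and both sample trees are constructed for illustration.

```python
import re

# One node of `gradle dependencies` output: tree prefix, group:name:version, then
# optionally " -> resolved" (conflict resolution or a forced version).
NODE = re.compile(r"^(?P<indent>[| ]*)[+\\]--- (?P<group>[^:\s]+):(?P<name>[^:\s]+)"
                  r":(?P<req>\S+)(?: -> (?P<res>\S+))?")

def version_key(version):
    """Numeric key for plain dotted versions such as 3.2.1."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def find_below(tree_text, group, name, minimum):
    """Return (resolved_version, path) for each group:name node resolved below minimum."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # configuration headers and blank lines
        depth = len(m["indent"]) // 5  # Gradle indents five columns per level
        resolved = m["res"] or m["req"]
        del stack[depth:]  # discard the previous branch below this depth
        stack.append(f'{m["group"]}:{m["name"]}:{resolved}')
        if (m["group"], m["name"]) == (group, name) and \
                version_key(resolved) < version_key(minimum):
            findings.append((resolved, " > ".join(stack)))
    return findings

# Constructed sample; the org.example coordinates are hypothetical.
SAMPLE_BEFORE = r"""
testRuntime - constructed sample
+--- org.example:kdc-test-harness:1.0
|    +--- org.example:directory-core:1.0
|    |    \--- commons-collections:commons-collections:3.2.1
|    \--- org.slf4j:slf4j-api:1.7.15
\--- org.example:license-audit:1.0
     \--- commons-collections:commons-collections:3.2.1 (*)
"""
# The same tree as Gradle prints it once 3.2.2 is forced or wins conflict resolution.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(":3.2.1", ":3.2.1 -> 3.2.2")

if __name__ == "__main__":
    for version, path in find_below(SAMPLE_BEFORE, "commons-collections",
                                    "commons-collections", "3.2.2"):
        print(f"{version}: {path}")
    print(find_below(SAMPLE_AFTER, "commons-collections", "commons-collections", "3.2.2"))
```

Each reported path names the top-level dependency to fix or exclude, which is the piece of information a bump of an unrelated parent does not give you.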
@ijuma That reminds me. The build script depends on an old version of grgit due to 1.6 compatibility, now that we don't need that can we update here too? (and use standard syntax) From: To: |
…ive-update-of-kafka-deps * apache/trunk: KAFKA-3147; Memory records is not writable in MirrorMaker MINOR: catch an exception in rebalance and stop the stream thread KAFKA-3229 ensure that root statestore is registered with ProcessorStateManager MINOR: add setUncaughtExceptionHandler to KafkaStreams MINOR: Connect hangs on startup failure HOTFIX: poll even when all partitions are paused. handle concurrent cleanup MINOR: Remove multi-byte charactor in docs
|
@granthenke Updated grgit. |
|
LGTM |
|
LGTM |
Patch version bumps for bouncy castle, minikdc, snappy, slf4j, scalatest and powermock. Notable fixes:
Also update Gradle to 2.11 (where the notable change is improved IDE integration) and the grgit build dependency.