Uploaded image for project: 'Accumulo'
  1. Accumulo
  2. ACCUMULO-4703

Attempt to pull all dependencies to latest version

    Details

    • Type: Task
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: None
    • Labels:
      None

      Description

      This is issue is motivated by discussion in ACCUMULO-4701. For 2.0.0 we should attempt to use the latest version of any direct dependencies. Not doing so may force user to use older versions of dependencies with bugs and security problems.

      ACCUMULO-4701 provides an example of this where Accumulo using methods that exist in an older version of Guava but are dropped in a new version prevent a user from using newer Guava.

        Activity

        Hide
        ctubbsii Christopher Tubbs added a comment -

        Michael Miller I saw a change pushed to bump up the minimum maven version to 3.2.5. You should know that the reason I kept it at 3.0.5 is because that's what ships in CentOS 7, and I wanted to make sure builds worked on a relatively recent enterprise OS. We may want to revert that change. Or, maybe it's fine. I don't feel strongly about it, it's just a point of consideration you may not have thought about.

        Show
        ctubbsii Christopher Tubbs added a comment - Michael Miller I saw a change pushed to bump up the minimum maven version to 3.2.5. You should know that the reason I kept it at 3.0.5 is because that's what ships in CentOS 7, and I wanted to make sure builds worked on a relatively recent enterprise OS. We may want to revert that change. Or, maybe it's fine. I don't feel strongly about it, it's just a point of consideration you may not have thought about.
        Hide
        milleruntime Michael Miller added a comment -

        I thought there might be a reason for keeping it at that version but the comment mentioned maven release plugin. I went with the version required by versions-maven-plugin. I thought 3.2.5 was a good compromise from going all the way to the latest, 3.5.0. Thankfully it looks like 3.0.5 is the oldest recommended version: https://maven.apache.org/security.html I can revert it and add a comment.

        Show
        milleruntime Michael Miller added a comment - I thought there might be a reason for keeping it at that version but the comment mentioned maven release plugin. I went with the version required by versions-maven-plugin. I thought 3.2.5 was a good compromise from going all the way to the latest, 3.5.0. Thankfully it looks like 3.0.5 is the oldest recommended version: https://maven.apache.org/security.html I can revert it and add a comment.
        Hide
        ctubbsii Christopher Tubbs added a comment -

        Yeah, if we're updating to newer plugins which require 3.2.5 or later, then it makes more sense to bump it.

        Show
        ctubbsii Christopher Tubbs added a comment - Yeah, if we're updating to newer plugins which require 3.2.5 or later, then it makes more sense to bump it.
        Hide
        milleruntime Michael Miller added a comment -

        I was able to find a usable version of Zookeeper 3.5.x with release 3.5.2-alpha. I don't think 3.5 is ready for use though as I couldn't even get 3.5.3-beta to work. There were some minor changes to MAC to use the new configuration. Here is my branch for future reference when they release a stable version: https://github.com/milleruntime/accumulo/tree/ACCUMULO-4703-zk3.5

        Show
        milleruntime Michael Miller added a comment - I was able to find a usable version of Zookeeper 3.5.x with release 3.5.2-alpha. I don't think 3.5 is ready for use though as I couldn't even get 3.5.3-beta to work. There were some minor changes to MAC to use the new configuration. Here is my branch for future reference when they release a stable version: https://github.com/milleruntime/accumulo/tree/ACCUMULO-4703-zk3.5
        Hide
        ctubbsii Christopher Tubbs added a comment -

        Sounds like we should avoid ZK 3.5 for now, at least as part of this task.

        Show
        ctubbsii Christopher Tubbs added a comment - Sounds like we should avoid ZK 3.5 for now, at least as part of this task.

          People

          • Assignee:
            milleruntime Michael Miller
            Reporter:
            kturner Keith Turner
          • Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:

              Time Tracking

              Estimated:
              Original Estimate - Not Specified
              Not Specified
              Remaining:
              Remaining Estimate - 0h
              0h
              Logged:
              Time Spent - 1h
              1h

                Development