Avro
  1. Avro
  2. AVRO-995

Java: Update Dependencies for 1.6.2

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.2
    • Component/s: None
    • Labels:
      None

      Description

      A few of our dependencies need upgrading. In particular, I have been hit by a bug in Jackson that is fixed by the latest release (http://jira.codehaus.org/browse/JACKSON-462).

      Summary: I will submit a patch that updates everything to the next bugfix or very minor release, other than paranamer, thrift, and hadoop.

      Details:
      (using maven versions plugin)

      On the dependency side:
      [INFO] com.thoughtworks.paranamer:paranamer ................ 2.3 -> 2.4-debug
      could not find info about what is new in 2.4. I do not think we should upgrade until we have more info
      [INFO] net.sf.jopt-simple:jopt-simple ............................ 4.1 -> 4.3
      minor extra features (http://pholser.github.com/jopt-simple/changes.html)
      [INFO] org.apache.hadoop:hadoop-core .................... 0.20.205.0 -> 1.0.0
      renamed 0.20.205, no need to update yet.
      [INFO] org.codehaus.jackson:jackson-mapper-asl ............... 1.8.6 -> 1.9.3
      I suggest we upgrade to 1.8.7.
      [INFO] org.jboss.netty:netty ..................... 3.2.6.Final -> 3.2.7.Final
      bugfix release
      [INFO] org.apache.thrift:libthrift ........................... 0.7.0 -> 0.8.0
      Is this a minor / bugfix release? If so we should update, otherwise wait until Avro 1.7.x
      [INFO] org.slf4j:slf4j-api ................................... 1.6.3 -> 1.6.4
      [INFO] org.slf4j:slf4j-simple ................................ 1.6.3 -> 1.6.4
      Minor bugfixes (http://www.slf4j.org/news.html)

      On the plugin side: (mvn versions:display-plugin-updates)
      [INFO] maven-antrun-plugin ...................................... 1.6 -> 1.7
      minor, looks safe: (http://mail-archives.apache.org/mod_mbox/maven-announce/201111.mbox/%3CCALhtWke1=w6Nv2U85NkGqm0Zxo3KHyzDc8hAZkHhVywJbuv-7g@mail.gmail.com%3E)
      [INFO] maven-gpg-plugin ......................................... 1.3 -> 1.4
      minor update (http://mail-archives.apache.org/mod_mbox/maven-announce/201108.mbox/%3CCA+nPnMw_3zQQCpzybQvo-QZFMCogvH31WEhxQnZ=cdzgxsRR7w@mail.gmail.com%3E)
      [INFO] maven-checkstyle-plugin .................................. 2.6 -> 2.8
      we avoided 2.7 before for some reason: (http://mail-archives.apache.org/mod_mbox/maven-dev/201108.mbox/%3CCAPoyBqSvu+KuP5VucE8Rc6Mjb9rYkr2Cpig+rVBE5O8Teo6Xcw@mail.gmail.com%3E)
      useful new feature: (http://mail-archives.apache.org/mod_mbox/maven-announce/201111.mbox/%3C15365449.01320142181746.JavaMail.mark@MARK%3E)
      [INFO] maven-surefire-plugin .................................. 2.10 -> 2.11
      lots of bug fixes and long requested new features: (http://mail-archives.apache.org/mod_mbox/maven-announce/201112.mbox/%3CCA+jQputH_uA2Ue6JqiHp1YeNo=qQxgcpDTgq9vv1AW_PSQk1sQ@mail.gmail.com%3E)
      [INFO] maven-shade-plugin ....................................... 1.4 -> 1.5
      minor looks safe: (http://mail-archives.apache.org/mod_mbox/maven-announce/201111.mbox/%3C1076639049.01320107865464.JavaMail.benson@tinfoilhat.local%3E)
      [INFO] maven-archetype-plugin ................................... 2.1 -> 2.2
      http://mail-archives.apache.org/mod_mbox/maven-announce/201111.mbox/%3CCALhtWkeLyc-tA2NCh3xYR06W+eGiWd46fS=R=NgJOn14zrdDaw@mail.gmail.com%3E

      1. AVRO-995.patch
        5 kB
        Scott Carey
      2. AVRO-995.2.patch
        4 kB
        Scott Carey

        Activity

        Hide
        Scott Carey added a comment -

        AVRO-995.patch Updates as described, except for surefire 2.11 which has a bug.

        Tested the patch with the full build. Compile and test work without anything in the local repo or with. 'mvn clean install' from toplevel works.

        Show
        Scott Carey added a comment - AVRO-995 .patch Updates as described, except for surefire 2.11 which has a bug. Tested the patch with the full build. Compile and test work without anything in the local repo or with. 'mvn clean install' from toplevel works.
        Hide
        Doug Cutting added a comment -

        Should we include this in 1.6.2 or not?

        Show
        Doug Cutting added a comment - Should we include this in 1.6.2 or not?
        Hide
        Scott Carey added a comment -

        At minimum, we should upgrade Jackson from 1.8.6 to 1.8.7. This fixes a bug that prevents the JSON encoding from working reliably, in particular the 'tojson' avro-tools tool frequently fails with 1.8.6 but works with 1.8.7.

        The other updates do not fix any known bugs, but I thought it might be good to update our dependencies while I was fixing the Jackson issue.

        Show
        Scott Carey added a comment - At minimum, we should upgrade Jackson from 1.8.6 to 1.8.7. This fixes a bug that prevents the JSON encoding from working reliably, in particular the 'tojson' avro-tools tool frequently fails with 1.8.6 but works with 1.8.7. The other updates do not fix any known bugs, but I thought it might be good to update our dependencies while I was fixing the Jackson issue.
        Hide
        Scott Carey added a comment -

        Additionally, I will not be able to commit this, or review or commit any other tickets in the next 11 days due to very limited Internet access.

        I am +1 on this one as is.

        Show
        Scott Carey added a comment - Additionally, I will not be able to commit this, or review or commit any other tickets in the next 11 days due to very limited Internet access. I am +1 on this one as is.
        Hide
        Doug Cutting added a comment -

        Should we be concerned about updating versions of dependencies for non-bugfix reasons in a bugfix release? It's possible that updating one of our dependencies could break a project that depends on Avro. So it might be safer to simply update Jackson in 1.6.2 and save the rest of these for 1.7.0. Am I being too paranoid?

        Show
        Doug Cutting added a comment - Should we be concerned about updating versions of dependencies for non-bugfix reasons in a bugfix release? It's possible that updating one of our dependencies could break a project that depends on Avro. So it might be safer to simply update Jackson in 1.6.2 and save the rest of these for 1.7.0. Am I being too paranoid?
        Hide
        Lars Francke added a comment -

        Just one more thing to add: Jetty has changed groupId to org.eclipse.jetty and they are up to version 8.x now. It's worth upgrading that at some point too but I guess that should definitely go into a minor- and not a bugfix release.

        I don't have a strong opinion about updating the others but sometimes builds that depend on Avro might be broken or need workarounds because of outdated dependencies. So it can go both ways.

        Show
        Lars Francke added a comment - Just one more thing to add: Jetty has changed groupId to org.eclipse.jetty and they are up to version 8.x now. It's worth upgrading that at some point too but I guess that should definitely go into a minor- and not a bugfix release. I don't have a strong opinion about updating the others but sometimes builds that depend on Avro might be broken or need workarounds because of outdated dependencies. So it can go both ways.
        Hide
        Scott Carey added a comment - - edited

        I will provide another patch with reduced changes to the most safe things:

        • end user dependencies - fix the jackson issue, and some other very safe ones (slf4j, netty)
        • plugin dependencies - all updates, this only affects our build.
        • pom file cleanup - moving versions to properties

        These may collide with the other pom file cleanups in progress however (AVRO-1012, AVRO-1011). I will review and commit those first before providing a new patch here.

        Show
        Scott Carey added a comment - - edited I will provide another patch with reduced changes to the most safe things: end user dependencies - fix the jackson issue, and some other very safe ones (slf4j, netty) plugin dependencies - all updates, this only affects our build. pom file cleanup - moving versions to properties These may collide with the other pom file cleanups in progress however ( AVRO-1012 , AVRO-1011 ). I will review and commit those first before providing a new patch here.
        Hide
        Scott Carey added a comment -

        Re: Jetty –

        We shouldn't upgrade a major version dependency until 1.7.0 IMO.
        As for 8.x, will Avro work with 8.x if a user is simultaneously using 6.x or 7.x? We could create two HTTP IPC modules if necessary, otherwise it would be good to move to 8.x for Avro 1.7.0 and use a supported version of the software.

        Show
        Scott Carey added a comment - Re: Jetty – We shouldn't upgrade a major version dependency until 1.7.0 IMO. As for 8.x, will Avro work with 8.x if a user is simultaneously using 6.x or 7.x? We could create two HTTP IPC modules if necessary, otherwise it would be good to move to 8.x for Avro 1.7.0 and use a supported version of the software.
        Hide
        Scott Carey added a comment -

        This latest patch updates all plugin versions in the build, and updates Jackson to 1.8.8 for the latest bugfixes in the 1.8.x line, and uses the latest bugfix versions for netty and slf4j as well.

        Thrift, Hadoop, jopt-simple, and paranamer are left unchanged.

        Show
        Scott Carey added a comment - This latest patch updates all plugin versions in the build, and updates Jackson to 1.8.8 for the latest bugfixes in the 1.8.x line, and uses the latest bugfix versions for netty and slf4j as well. Thrift, Hadoop, jopt-simple, and paranamer are left unchanged.
        Hide
        Scott Carey added a comment -

        I will commit this tomorrow if there are no objections.

        Show
        Scott Carey added a comment - I will commit this tomorrow if there are no objections.
        Hide
        Doug Cutting added a comment -

        +1

        Show
        Doug Cutting added a comment - +1
        Hide
        Scott Carey added a comment -

        Committed @revision 1242039

        Show
        Scott Carey added a comment - Committed @revision 1242039

          People

          • Assignee:
            Scott Carey
            Reporter:
            Scott Carey
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development