update commons-compress from 1.19 to 1.21 #13270
Conversation
|
1.22+ starts dragging in more stuff such as |
|
If it's used by the benchmark module then I don't think it's that problematic? Similar to test framework dependencies? Your suggestion to use a pipe works too but will hurt people living in darker times (on Windows). |
|
@dweiss I think the problem is more keeping up, eg I'm unable to get things working with their latest versions. Weve got dependencies on jars like nekohtml unmaintained for over a decade too. And build hacks for them... |
|
anyway, if there's no objection, i'd like to bump this to 1.21 which is an easy win and doesnt modify the dependency graph. |
|
This PR has not had activity in the past 2 weeks, labeling it as stale. If the PR is waiting for review, notify the [email protected] list. Thank you for your contribution! |
Another pre-covid dependency version...
I tried to upgrade to the latest version (both with and without the entangled commons-codec upgrade: #13269) and there is trouble everywhere.
Newer versions of this library just drag in more and more dependencies and have more jar/module hell and larger surface area. For example they are dragging in JNI compressors etc!
https://commons.apache.org/proper/commons-compress/dependencies.html
For now, I'd like to just upgrade these two minor versions to get us "less ancient", but going forwards I think we need to evaluate if we should really have a dependency mess just to support
bzip2format inlucene/benchmark.Alternatively, benchmark could use the gzip support built into the JDK, and for bzip2 files, it could just support running
bzip2 -dccommand and reading from its stdout? It would avoid the entire mess.