[SPARK-48231][BUILD] Remove unused CodeHaus Jackson dependencies #46521

Open
wants to merge 1 commit into
base: master
2 changes: 0 additions & 2 deletions LICENSE-binary
Expand Up @@ -354,8 +354,6 @@ org.apache.parquet:parquet-hadoop
org.apache.parquet:parquet-jackson
org.apache.thrift:libfb303
org.apache.thrift:libthrift
org.codehaus.jackson:jackson-core-asl
org.codehaus.jackson:jackson-mapper-asl
org.datanucleus:datanucleus-api-jdo
org.datanucleus:datanucleus-core
org.datanucleus:datanucleus-rdbms
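Review bot: The two org.codehaus.jackson entries dropped from this list (jackson-core-asl and jackson-mapper-asl) should only go if no jar in the binary distribution still ships them. The dev/deps manifest in this same change covers the hadoop-3-hive-2.3 profile only, so please confirm that no other packaged profile or shaded jar still bundles Codehaus Jackson classes, and check whether NOTICE-binary carries a matching attribution that should be removed alongside these lines.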
2 changes: 0 additions & 2 deletions dev/deps/spark-deps-hadoop-3-hive-2.3
Expand Up @@ -104,13 +104,11 @@ ini4j/0.5.4//ini4j-0.5.4.jar
istack-commons-runtime/3.0.8//istack-commons-runtime-3.0.8.jar
ivy/2.5.2//ivy-2.5.2.jar
jackson-annotations/2.17.1//jackson-annotations-2.17.1.jar
jackson-core-asl/1.9.13//jackson-core-asl-1.9.13.jar
jackson-core/2.17.1//jackson-core-2.17.1.jar
jackson-databind/2.17.1//jackson-databind-2.17.1.jar
jackson-dataformat-cbor/2.17.1//jackson-dataformat-cbor-2.17.1.jar
jackson-dataformat-yaml/2.17.1//jackson-dataformat-yaml-2.17.1.jar
jackson-datatype-jsr310/2.17.1//jackson-datatype-jsr310-2.17.1.jar
jackson-mapper-asl/1.9.13//jackson-mapper-asl-1.9.13.jar
jackson-module-scala_2.13/2.17.1//jackson-module-scala_2.13-2.17.1.jar
jakarta.annotation-api/2.0.0//jakarta.annotation-api-2.0.0.jar
jakarta.inject-api/2.0.1//jakarta.inject-api-2.0.1.jar
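Review bot: The removal of jackson-core-asl-1.9.13.jar and jackson-mapper-asl-1.9.13.jar from this manifest is the only evidence in the patch that the jars are gone from the resolved classpath, so the file should be regenerated from the build (dev/test-dependencies.sh --replace-manifest) rather than edited by hand. A hand edit would hide a Hive transitive that still pulls the 1.9.13 jars in.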
14 changes: 0 additions & 14 deletions pom.xml
Expand Up @@ -182,7 +182,6 @@
<scalafmt.skip>true</scalafmt.skip>
<scalafmt.validateOnly>true</scalafmt.validateOnly>
<scalafmt.changedOnly>true</scalafmt.changedOnly>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
<fasterxml.jackson.version>2.17.1</fasterxml.jackson.version>
<fasterxml.jackson.databind.version>2.17.1</fasterxml.jackson.databind.version>
<ws.xmlschema.version>2.3.1</ws.xmlschema.version>
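Review bot: Dropping the codehaus.jackson.version property in this hunk breaks any module that still references ${codehaus.jackson.version}. The two uses visible in the root pom.xml are removed in the next hunk; please grep the remaining module poms and profiles for the property before merging, since an unresolved property only fails when that module or profile is actually built.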
Expand Down Expand Up @@ -1938,19 +1937,6 @@
</exclusion>
</exclusions>
</dependency>
<!-- Hive 2.3 need this to init Hive's FunctionRegistry -->
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>${codehaus.jackson.version}</version>
<scope>${hive.jackson.scope}</scope>
Member

@wangyum wangyum May 10, 2024

Can we also remove <hive.jackson.scope>compile</hive.jackson.scope>?

spark/pom.xml

Line 270 in 44f00cc

<hive.jackson.scope>compile</hive.jackson.scope>

<hive.jackson.scope>provided</hive.jackson.scope>

https://github.com/apache/spark/blob/master/assembly/pom.xml#L272-L277

Member Author

@pan3793 pan3793 May 10, 2024

If we identify some issues on hive 2.3.10 before 4.0.0 release, we may need to revert this patch and fall back to SPARK-47119 approach to mitigate CodeHaus Jackson dependencies vulnerabilities, see comments at
#45201 (comment)

Member

ok

Member

Ya, sorry for making things difficult, @pan3793 and @wangyum.

If we are sure, we can clean up later more easily definitely.

</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>${codehaus.jackson.version}</version>
<scope>${hive.jackson.scope}</scope>
</dependency>
<dependency>
<groupId>${hive.group}</groupId>
<artifactId>hive-beeline</artifactId>
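Review bot: The deleted comment at the top of this hunk, "Hive 2.3 need this to init Hive's FunctionRegistry", documents a runtime requirement, so a green compile says nothing about whether removing jackson-core-asl and jackson-mapper-asl is safe; the failure would be a class-loading error when Hive's FunctionRegistry initializes. Please point to (or add) a test that initializes the Hive FunctionRegistry with these jars absent, and state in the PR description which Hive version lifted the requirement. With both dependencies gone, ${hive.jackson.scope} has no remaining user in this hunk; either remove the property as raised in the thread or leave a comment saying it is kept for a possible revert.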
4 changes: 0 additions & 4 deletions sql/hive/pom.xml
Expand Up @@ -135,10 +135,6 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
</dependency>
<!-- transitive dependencies of hive-exec-core doesn't declare -->
<dependency>
<groupId>javax.servlet</groupId>
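Review bot: Removing the jackson-mapper-asl declaration that sat just above the "transitive dependencies of hive-exec-core doesn't declare" block does not by itself keep the artifact off the sql/hive classpath. The declaration carried no version, so it relied on the managed entry in the root pom.xml that this patch also deletes; any Hive artifact that still lists Codehaus Jackson transitively will now resolve it at whatever version that artifact declares. If the intent is that the 1.x jars never come back, add an explicit exclusion on the Hive dependencies (or a banned-dependency enforcer rule) so a later Hive bump cannot reintroduce them silently.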