[BEAM-2190] Cherry-pick #2934 into release-2.0.0#2957
Closed
dhalperi wants to merge 1 commit intoapache:release-2.0.0from
Closed
[BEAM-2190] Cherry-pick #2934 into release-2.0.0#2957dhalperi wants to merge 1 commit intoapache:release-2.0.0from
dhalperi wants to merge 1 commit intoapache:release-2.0.0from
Conversation
Even if Beam appears to have the correct dependencies, we cannot guarantee that modules that depend on us transitively get the right dependencies. For example, even though grpc-protobuf-lite has protobuf-lite excluded, and the Maven Enforcer banned-dependencies check passes... if a user happens to get a transitive dependency on grpc-all first, they may pull in grpc-protobuf from that other source without the exclusion. Thus we need to exclude protobuf-lite from grpc-all as well. While we're here, also add guava-jdk5 to the set of banned dependencies, though (as above) we cannot currently properly identify the places it might be transitively exposed in a users' pom.xml.
|
Changes Unknown when pulling 0eb4bcf on dhalperi:cp-2934 into ** on apache:release-2.0.0**. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This cherry-picks #2934
R: @davorbonaci
Even if Beam appears to have the correct dependencies, we cannot
guarantee that modules that depend on us transitively get the right
dependencies. For example, even though grpc-protobuf-lite has
protobuf-lite excluded, and the Maven Enforcer banned-dependencies
check passes... if a user happens to get a transitive dependency on
grpc-all first, they may pull in grpc-protobuf from that other source
without the exclusion. Thus we need to exclude protobuf-lite from
grpc-all as well.
While we're here, also add guava-jdk5 to the set of banned dependencies,
though (as above) we cannot currently properly identify the places it
might be transitively exposed in a users' pom.xml.