GCP: Backport License/Notice fix from #16182 to 1.10.x, excluding woodstox/gcs-analytics and JSR #16244
Merged
amogh-jahagirdar merged 3 commits into apache:1.10.x from May 7, 2026
… exclude jsr305 due to LGPL concerns, exclude Slf4j through the same mechanism (it was already excluded) Co-authored-by: Ryan Blue <blue@apache.org> Co-authored-by: Kevin Liu <kevinjqliu@users.noreply.github.com>
amogh-jahagirdar
commented
May 7, 2026
| configurations { | ||
| implementation { | ||
| exclude group: 'com.google.code.findbugs', module: 'jsr305' |
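Review bot: the `exclude group: 'com.google.code.findbugs', module: 'jsr305'` line under `configurations { implementation {` carries no comment, in the lines shown, saying why the module is excluded; a one-line comment naming the licensing reason would keep a later dependency cleanup from dropping it. The exclusion is also scoped to `implementation` only, so it is worth confirming against the generated runtime-deps.txt that jsr305 does not reach the bundle through another configuration.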
Contributor
Author
Normally, I wouldn't do this in a patch release, but I think there's a real concern with jsr305 and LGPL licensing. Considering it's compile time only, I just excluded it along with slf4j (but slf4j was already excluded through a different mechanism).
…RELAX NG Datatype API (all bundled by Woodstox) Co-authored-by: Copilot <copilot@github.com>
kevinjqliu
approved these changes
May 7, 2026
Contributor
kevinjqliu
left a comment
LGTM!
The gcp-bundle/build.gradle changes are a backport of #16106
Verified NOTICE file
Verified LICENSE file; I diffed the runtime-deps.txt between this PR and main. Here's the summary:
Removed
- org.jspecify:jspecify
- org.codehaus.woodstox:stax2-api
- com.fasterxml.woodstox:woodstox-core
- org.apache.commons:commons-lang3
- com.google.cloud.gcs.analytics:gcs-analytics-core
- com.google.cloud.gcs.analytics:client
- com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Added
- com.google.auto.value:auto-value
Pushed a new commit (2a6b556) to remove these from LICENSE, to align with the above changes
- JSpecify
- Stax2
- Apache Commons Lang
- MSV xsdlib / isorelax / … …RELAX NG Datatype API (all bundled by Woodstox). Note that woodstox was removed in this commit (4a6a3ba)
- GCS Analytics was also removed in this commit (4a6a3ba)
The jackson-dataformat-xml removal doesn't need any change; it was covered by the "Jackson JSON Processor" LICENSE
auto-value added is already part of the LICENSE
This change does two things:
compared with main's runtime-deps and saw the following differences.
a.) Main bundles gcs analytics while 1.10 does not
b.) Main bundles woodstox while 1.10 does not
c.) Main does not bundle JSR while 1.10 does. For this, since there are LGPL concerns with JSR and it's only needed at compile time, I just went ahead and excluded it.
I went back and excluded the license entries for gcs analytics/woodstox.
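The runtime-deps comparison described in the review and in the description above can be scripted so that LICENSE entries are checked against what the bundle actually ships. This is an added example, not code from the PR or the project; it assumes each runtime-deps.txt line holds a `group:module:version` coordinate (optionally behind Gradle tree markers), and the sample listings, the `org.example:lib-a` coordinate and all version numbers are constructed placeholders.

```python
import re

# Assumed line shape: "group:module:version", optionally after tree markers.
COORD = re.compile(r"([A-Za-z][\w.\-]*):([A-Za-z][\w.\-]*):([\w.\-]+)")

def parse_deps(text):
    """Map 'group:module' -> version for every coordinate in the listing."""
    deps = {}
    for line in text.splitlines():
        m = COORD.search(line)
        if m:
            deps[f"{m.group(1)}:{m.group(2)}"] = m.group(3)
    return deps

def diff_deps(base, other):
    """Compare by group:module so a version bump is not seen as remove+add."""
    removed = sorted(set(base) - set(other))
    added = sorted(set(other) - set(base))
    changed = sorted(k for k in set(base) & set(other) if base[k] != other[k])
    return removed, added, changed

def denied_present(deps, denied):
    """Coordinates that must not ship in the bundle but are still listed."""
    return sorted(set(deps) & set(denied))

# Constructed listings: coordinates come from the discussion above,
# versions are placeholders and org.example:lib-a is hypothetical.
MAIN = """\
org.example:lib-a:0.0.1
org.jspecify:jspecify:0.0.0
com.fasterxml.woodstox:woodstox-core:0.0.0
"""
BRANCH = """\
+--- org.example:lib-a:0.0.2
+--- com.google.auto.value:auto-value:0.0.0
+--- com.google.code.findbugs:jsr305:0.0.0
"""
DENIED = ["com.google.code.findbugs:jsr305"]

if __name__ == "__main__":
    removed, added, changed = diff_deps(parse_deps(MAIN), parse_deps(BRANCH))
    print("removed:", removed)
    print("added:", added)
    print("version changed:", changed)
    print("denied but bundled:", denied_present(parse_deps(BRANCH), DENIED))
```

Each coordinate in `removed` should lose its LICENSE/NOTICE entry, each one in `added` needs an entry, and a non-empty denied list means the exclusion did not take effect.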