NIFI-13944: Upgrade Redis to 5.2.0 #9465
Conversation
|
Seems to build. But the bundled dependencies of Spring seem considerable and likely avoidable. The LICENSE/NOTICE is unchanged but clearly does need to change. Seems like at least a few modules also included that are likely in a parent class loader. Reviewing further but this is a good example of a dependency where maintenance jumps (major lines no less) are much more than bumping versions. |
There was a problem hiding this comment.
Thanks for the upgrade @mattyb149, this looks good from my perspective.
@joewitt, reviewing the current Redis NAR bundles, they contain roughly the same set of Spring Framework dependencies, most of which are transitive through Spring Data Redis. From that perspective, I think the upgrade works as it stands, although it does highlight the potential need for further review in a separate issue. It is worth noting, however, that only the Framework NAR contains the Spring libraries, so these would not be inherited from the nifi-standard-shared-nar. I will defer to you for further review.
|
Although for clarification, it looks like the |
| <exclusions> | ||
| <exclusion> | ||
| <groupId>org.json</groupId> | ||
| <artifactId>json</artifactId> |
There was a problem hiding this comment.
This version of the json library 20240303 is actually licensed under the Public Domain, not the historically banned license. For that reason, the exclusion is not necessary and the banned dependency settings can be adjusted.
pom.xml
Outdated
| <exclude>org.testng:testng</exclude> | ||
| <!-- Cat-X Deps --> | ||
| <exclude>org.json:json:*:*:compile</exclude> | ||
| <exclude>org.json:json:[,20240303]:compile</exclude> |
There was a problem hiding this comment.
Reviewing the Maven Version Ranges, it looks like this should use parentheses to indicate x < 20240303:
| <exclude>org.json:json:[,20240303]:compile</exclude> | |
| <exclude>org.json:json:(,20240303):compile</exclude> |
- Removed unnecessary spring-beans library from nifi-redis-extensions - Added BSD-3 License to nifi-redis-nar for antlr-runtime - Removed Commons Pool and Spring Framework from NOTICE in nifi-redis-nar - Added Google GSON to NOTICE for nifi-redis-service-api-nar - Removed Open JSON from NOTICE for nifi-redis-service-api-nar - Updated jedis and Spring versions in NOTICE - Added json Public Domain to NOTICE files
There was a problem hiding this comment.
Thanks for the updates @mattyb149. On further review, I noticed several additional updates needed, which I pushed in the latest commit. +1 merging
3 participants
Summary
NIFI-13944 This PR upgrades the Redis library to 5.2.0 along with the corresponding Spring Redis version, and excludes the banned org.json:json dependency in favor of Ted Dunning's version.
Tracking
Please complete the following tracking steps prior to pull request creation.
Issue Tracking
Pull Request Tracking
NIFI-00000NIFI-00000Pull Request Formatting
mainbranchVerification
Please indicate the verification steps performed prior to pull request creation.
Build
mvn clean install -P contrib-checkLicensing
LICENSEandNOTICEfilesDocumentation