apache
HADOOP-19503. Use jackson-bom to set jackson versions
Description of PR
Use jackson-bom to set jackson versions. This simplifies the build config, and also ensures that possible implicit transitive sub-modules are also dependency managed to the same version.
How was this patch tested?
CI Compared dependency:list output pre- and post-patch
For code changes:
- [X] Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
- [ ] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
- [ ] If applicable, have you updated the
LICENSE,LICENSE-binary,NOTICE-binaryfiles?
:broken_heart: -1 overall
| Vote | Subsystem | Runtime | Logfile | Comment |
|---|---|---|---|---|
| +0 :ok: | reexec | 14m 42s | Docker mode activated. | |
| _ Prechecks _ | ||||
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. | |
| +0 :ok: | codespell | 0m 0s | codespell was not available. | |
| +0 :ok: | detsecrets | 0m 0s | detect-secrets was not available. | |
| +0 :ok: | xmllint | 0m 0s | xmllint was not available. | |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. | |
| -1 :x: | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. | |
| _ trunk Compile Tests _ | ||||
| +0 :ok: | mvndep | 7m 0s | Maven dependency ordering for branch | |
| +1 :green_heart: | mvninstall | 28m 18s | trunk passed | |
| +1 :green_heart: | compile | 15m 39s | trunk passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | compile | 16m 8s | trunk passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | mvnsite | 1m 39s | trunk passed | |
| +1 :green_heart: | javadoc | 1m 28s | trunk passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | javadoc | 1m 21s | trunk passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | shadedclient | 98m 30s | branch has no errors when building and testing our client artifacts. | |
| _ Patch Compile Tests _ | ||||
| +0 :ok: | mvndep | 0m 32s | Maven dependency ordering for patch | |
| +1 :green_heart: | mvninstall | 0m 53s | the patch passed | |
| +1 :green_heart: | compile | 14m 56s | the patch passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | javac | 14m 56s | the patch passed | |
| +1 :green_heart: | compile | 15m 59s | the patch passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | javac | 15m 59s | the patch passed | |
| +1 :green_heart: | blanks | 0m 0s | The patch has no blanks issues. | |
| +1 :green_heart: | mvnsite | 1m 44s | the patch passed | |
| +1 :green_heart: | javadoc | 1m 24s | the patch passed with JDK Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | javadoc | 1m 22s | the patch passed with JDK Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 | |
| +1 :green_heart: | shadedclient | 33m 8s | patch has no errors when building and testing our client artifacts. | |
| _ Other Tests _ | ||||
| +1 :green_heart: | unit | 0m 39s | hadoop-project in the patch passed. | |
| +1 :green_heart: | unit | 1m 11s | hadoop-yarn-applications-catalog-webapp in the patch passed. | |
| +1 :green_heart: | asflicense | 1m 2s | The patch does not generate ASF License warnings. | |
| 183m 40s |
| Subsystem | Report/Notes |
|---|---|
| Docker | ClientAPI=1.52 ServerAPI=1.52 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8074/1/artifact/out/Dockerfile |
| GITHUB PR | https://github.com/apache/hadoop/pull/8074 |
| Optional Tests | dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint |
| uname | Linux 91082cc7930a 5.15.0-156-generic #166-Ubuntu SMP Sat Aug 9 00:02:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/bin/hadoop.sh |
| git revision | trunk / bc251eb89a1a023f5b87a9ca949abde964688435 |
| Default Java | Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 |
| Multi-JDK versions | /usr/lib/jvm/java-21-openjdk-amd64:Ubuntu-21.0.7+6-Ubuntu-0ubuntu120.04 /usr/lib/jvm/java-17-openjdk-amd64:Ubuntu-17.0.15+6-Ubuntu-0ubuntu120.04 |
| Test Results | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8074/1/testReport/ |
| Max. process+thread count | 616 (vs. ulimit of 5500) |
| modules | C: hadoop-project hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-applications-catalog/hadoop-yarn-applications-catalog-webapp U: . |
| Console output | https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8074/1/console |
| versions | git=2.25.1 maven=3.9.11 |
| Powered by | Apache Yetus 0.14.0 https://yetus.apache.org |
This message was automatically generated.
the main thing we need to do with aggregate imports is be confident that when a hadoop-* module imports a dependency d, and d depends on jackson-something, then our choice of jackson artifacts overrides whatever version of jackson-something that artifact d declared.
And that is, well, tricky.
If some hadoop module says I depend on jackson-bom 2.18 and so we get 2.18 jackson-core that way, it is coming in transitively, one two levels down the tree. If something downstream pulls in hadoop-common and a different jackson-core artifact, whether that different one comes in or not depends on depth down the tree which the artifact was declared (closest to root resolution, not newest version). By importing via a bom.pom we're pushing our dependencies down one level.
That doesn't mean it's bad, only that it has consequences in version resolution, consequences which may surface downstream.
Note: maven 4 has explicit BOM artifacts; no idea what they bring here. https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Bill_of_Materials_.28BOM.29_POMs
If some hadoop module says I depend on jackson-bom 2.18 and so we get 2.18 jackson-core that way, it is coming in transitively, one two levels down the tree.
I don't think replacing the explicit dependency management entries with the imported BOM has any effect on downstream projects. The BOM itself does not get added as a parent of the jackson artifacts.
AFAIU importing the bom is equivalent to copying its dependencyManagement entries the dependencyManagement section, the hadoop artifacts will still have the same dependencies at the same level as before.
I have run dependency:tree on trunk and with this patch. The only difference is that the transitive com.fasterxml.jackson.datatype:jackson-datatype-jsr310 and com.fasterxml.jackson.dataformat:jackson-dataformat-smile dependencies were previously not dependency managed, and with the patch they are.