[
https://issues.apache.org/jira/browse/TINKERPOP-3060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17852154#comment-17852154
]
ASF GitHub Bot commented on TINKERPOP-3060:
-------------------------------------------
xiazcy commented on PR #2546:
URL: https://github.com/apache/tinkerpop/pull/2546#issuecomment-2148166240
Hi @HappyHacker123, much apologies for the late reply. I gave it some more
thoughts, and while this will be a great improvement, I don't think we are
quite ready to centralize these dependencies yet. The complexity is mainly due
to the way dependencies are currently managed that’s leading to conflicts and
may require module-specific versions, especially in hadoop and spark modules
(as you may see some of the code comments in the poms). We are looking to
improve this systemically, but before a decision is reached I think we’ll hold
off on this PR and close it for now.
If you are still interested and have thoughts or recommendations related to
dependency management, chime into our discussions for [removing
gremlin-shaded](https://lists.apache.org/thread/m7yvvz9zc69nzn0nr6vz0tdo3ggffoy6)
and [JPMS](https://lists.apache.org/thread/vkvqcxn6t2lsgpfym7v3g3qvksrh3cwc).
We'd love to see more opinions on these topics. Again, thank you for taking the
time submitting this PR!
> Dependency inconsistency between modules.
> -----------------------------------------
>
> Key: TINKERPOP-3060
> URL: https://issues.apache.org/jira/browse/TINKERPOP-3060
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Reporter: Wei Zhao
> Priority: Major
> Original Estimate: 1m
> Remaining Estimate: 1m
>
> h3. Problem Desciption
> Currently some modules of Tinkerpop are using the same dependency. However,
> some of these dependencies' versions are not centrally managed and therefore
> cause discrepancy.
> I found the following dependencies with different versions in different
> modules.
> {code:java}
> Dependency org.xerial.snappy:snappy-java:jar has inconsistent versions.
> Dependency {groupId=org.xerial.snappy, artifactId=snappy-java,
> version=1.1.8.4}
> /spark-gremlin
> Dependency {groupId=org.xerial.snappy, artifactId=snappy-java,
> version=1.1.8.2}
> /hadoop-gremlin
> ---------
> Dependency com.fasterxml.jackson.core:jackson-databind:jar has inconsistent
> versions.
> Dependency {groupId=com.fasterxml.jackson.core,
> artifactId=jackson-databind, version=2.15.2}
> /gremlin-shaded
> Dependency {groupId=com.fasterxml.jackson.core,
> artifactId=jackson-databind, version=2.13.5}
> /spark-gremlin
> /hadoop-gremlin
> ---------
> {code}
> h3. Possible Outcome:
> This increases the maintenance workload and may lead to dependency conflict
> for downstream projects. So it's better to align the versions of the
> dependencies if the discrepancy is not intentional.
> h3. Possible Solution
> Align the versions of the dependencies to ensure consistency and avoid
> possible conflicts. And if it's possible, manage the versions of the
> dependencies centrally.
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
