risdenk commented on code in PR #3615: URL: https://github.com/apache/solr/pull/3615#discussion_r2322217967
########## solr/core/gradle.lockfile: ########## @@ -38,9 +40,14 @@ com.google.protobuf:protobuf-java:3.25.8=annotationProcessor,errorprone,testAnno com.ibm.icu:icu4j:77.1=jarValidation,testRuntimeClasspath com.j256.simplemagic:simplemagic:1.17=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath com.jayway.jsonpath:json-path:2.9.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.nvidia.cuvs.lucene:cuvs-lucene:0.0.1-38e54-SNAPSHOT=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.nvidia.cuvs:cuvs-java:25.10.0-55985-SNAPSHOT=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.opencsv:opencsv:5.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath com.tdunning:t-digest:3.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +commons-beanutils:commons-beanutils:1.9.4=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath Review Comment: why 1.9.4? it has cves - https://security.snyk.io/package/maven/commons-beanutils%3Acommons-beanutils ########## solr/core/build.gradle: ########## @@ -95,6 +95,8 @@ dependencies { implementation libs.apache.lucene.spatialextras implementation libs.apache.lucene.suggest + // CUVS Lucene integration for GPU-accelerated vector search + implementation libs.cuvs.lucene Review Comment: does this need to be in core? Could it be in a module so it could be opt in to these dependencies? ########## solr/core/gradle.lockfile: ########## @@ -38,9 +40,14 @@ com.google.protobuf:protobuf-java:3.25.8=annotationProcessor,errorprone,testAnno com.ibm.icu:icu4j:77.1=jarValidation,testRuntimeClasspath com.j256.simplemagic:simplemagic:1.17=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath com.jayway.jsonpath:json-path:2.9.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.nvidia.cuvs.lucene:cuvs-lucene:0.0.1-38e54-SNAPSHOT=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.nvidia.cuvs:cuvs-java:25.10.0-55985-SNAPSHOT=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.opencsv:opencsv:5.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath com.tdunning:t-digest:3.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +commons-beanutils:commons-beanutils:1.9.4=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath commons-cli:commons-cli:1.10.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath commons-codec:commons-codec:1.19.0=apiHelper,compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +commons-collections:commons-collections:3.2.2=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath Review Comment: why commons-collections 3.x vs the newer 4.x? ########## solr/licenses/cuvs-java-25.10.0-55985-SNAPSHOT.jar.sha1: ########## @@ -0,0 +1 @@ +e33039ec96846420a5addf84ba68f72987421ae5 Review Comment: missing license/notice files for these added sha1 ########## solr/core/gradle.lockfile: ########## @@ -38,9 +40,14 @@ com.google.protobuf:protobuf-java:3.25.8=annotationProcessor,errorprone,testAnno com.ibm.icu:icu4j:77.1=jarValidation,testRuntimeClasspath com.j256.simplemagic:simplemagic:1.17=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath com.jayway.jsonpath:json-path:2.9.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.nvidia.cuvs.lucene:cuvs-lucene:0.0.1-38e54-SNAPSHOT=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.nvidia.cuvs:cuvs-java:25.10.0-55985-SNAPSHOT=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +com.opencsv:opencsv:5.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath com.tdunning:t-digest:3.3=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +commons-beanutils:commons-beanutils:1.9.4=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath commons-cli:commons-cli:1.10.0=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath commons-codec:commons-codec:1.19.0=apiHelper,compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath +commons-collections:commons-collections:3.2.2=compileClasspath,jarValidation,runtimeClasspath,runtimeLibs,testCompileClasspath,testRuntimeClasspath Review Comment: It looks like both 3.x and 4.x actually got added. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
