aglinxinyuan commented on PR #6180:
URL: https://github.com/apache/texera/pull/6180#issuecomment-4888306416
The failing `build / amber` check is the LICENSE-binary direct-dep drift
guard — the amber dist now bundles `slf4j-api-2.0.18.jar` but
`amber/LICENSE-binary-java` still claimed `1.7.26`:
```
DRIFT (direct) JVM jars — claimed versions differ from bundled:
~ org.slf4j.slf4j-api: LICENSE-binary=1.7.26 bundled=2.0.18 → update in
amber/LICENSE-binary-java
```
Fixed with two edits on top of this branch:
- `amber/LICENSE-binary-java` — claim `slf4j-api-2.0.18.jar`
- `common/workflow-operator/build.sbt` — bump the duplicate kjetland
`slf4j-api` block Dependabot missed (evicted to 2.0.18 at resolve time anyway;
aligned so the declaration is honest)
Verified locally by reproducing the exact CI command against a synthesized
dist `lib/` (all 407 claimed jars, `slf4j-api` at 2.0.18, `ssl-config-core` at
the real bundled 0.7.1):
| Scenario | `check_binary_deps.py --ignore-transitive-version jar` |
|---|---|
| **Fixed** (slf4j-api 2.0.18) | `OK: 407 JVM jars match LICENSE-binary` —
exit 0 ✅ |
| **Control** (pre-fix 1.7.26) | `DRIFT (direct) ~ org.slf4j.slf4j-api:
1.7.26 → 2.0.18` — exit 1 ❌ (matches the CI failure verbatim) |
The `com.typesafe.ssl-config-core` line in the log is
transitive/informational (the nightly exact-match check on main refreshes
those) — it doesn't block PR-mode. NOTICE-binary is unaffected: the generator
is version-less and slf4j ships no NOTICE block.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]