Github user srowen commented on the pull request:

    https://github.com/apache/spark/pull/10887#issuecomment-174288516
  
    My major question is simply, does this break anything? The problem is that 
not all transitive dependencies use this version of the httpclient. Although I 
suspect it would be OK, assuming 4.5 is backwards-compatible with 4.3, and 
tests would help reveal problems (and you're going to have to update the 
dependencies file in the repo anyway to reflect the change), then this is 
substantially OK. 
    
    Is there a particular fix we need in 4.5?
    
    One good thing to do is examine the current set of dependencies and 
evaluate all the different versions of this we use, and from where, and skim 
release notes to see if there are likely any breaking changes. 
    
    Secondly, we probably need to clean up handling of this dependency more 
thoroughly. Version needs to be declared once in the parent, and we probably 
need to remove most if not all exclusions of this at this stage. They should be 
redundant, but that also bears thinking through.
    
    It's not a trivial exercise, but it would certainly help to study the state 
of this fairly important dependency and clean it up. We can tolerate a little 
breakage risk with Spark 2.x.
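
The survey suggested in the comment above (which versions of httpclient are in use, and from where) can be scripted. This is an added example, not part of the original comment or of Spark's build; it assumes the input is text from `mvn dependency:tree -Dverbose`, and the sample tree with its module names and versions is constructed.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `mvn dependency:tree -Dverbose` output.
# Module names and versions are illustrative, not Spark's real tree.
SAMPLE_TREE = r"""
[INFO] org.example:app:jar:1.0
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.3.2:compile
[INFO] |  \- org.apache.httpcomponents:httpcore:jar:4.3.1:compile
[INFO] +- org.example:s3-client:jar:0.9:compile
[INFO] |  \- (org.apache.httpcomponents:httpclient:jar:4.5:compile - omitted for conflict with 4.3.2)
[INFO] \- org.example:thrift-lib:jar:0.9:compile
[INFO]    \- org.example:http-wrapper:jar:2.1:compile
[INFO]       \- (org.apache.httpcomponents:httpclient:jar:4.2.5:compile - omitted for conflict with 4.3.2)
"""

# The tree prefix is built from 3-character groups: "|  ", "   ", "+- ", "\- ".
# Verbose mode wraps nodes dropped by conflict resolution in parentheses.
LINE = re.compile(
    r"^\[INFO\] (?P<indent>(?:[| ]  )*(?:[+\\]- )?)\(?(?P<coord>[^\s()]+)"
)


def versions_of(tree_text, group, artifact):
    """Map each requested version of group:artifact to the chains that pull it in."""
    found = defaultdict(list)
    stack = []  # stack[d] holds "artifactId:version" for the node at depth d
    for line in tree_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        parts = m.group("coord").split(":")
        if len(parts) < 4:
            continue  # not a Maven coordinate
        depth = len(m.group("indent")) // 3
        # group:artifact:type[:classifier]:version[:scope]
        version = parts[3] if len(parts) <= 5 else parts[4]
        del stack[depth:]
        stack.append(f"{parts[1]}:{version}")
        if parts[0] == group and parts[1] == artifact:
            found[version].append(" > ".join(stack[:-1]))
    return dict(found)


if __name__ == "__main__":
    hits = versions_of(SAMPLE_TREE, "org.apache.httpcomponents", "httpclient")
    for version, chains in sorted(hits.items()):
        for chain in chains:
            print(f"httpclient {version:<6} via {chain}")
```

Each version that appears only through a transitive chain is a candidate for checking against the release notes before the parent POM pins a single version.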

