[PR] [#10584] improvement(catalogs): Force jackson-databind to project-wide version in hive-metastore libs [gravitino]

Mon, 30 Mar 2026 03:10:09 -0700 


geyanggang opened a new pull request, #10585:
URL: https://github.com/apache/gravitino/pull/10585

   
   ### What changes were proposed in this pull request?
   
   
   Added `configurations.all { resolutionStrategy.force(...) }` in both 
`build.gradle.kts` to force `jackson-databind`, `jackson-core`, and 
`jackson-annotations` to the project-wide version (`2.15.2` from 
`libs.versions.toml`).
   
   ### Why are the changes needed?
   
   `jackson-databind:2.6.5` (in hive-metastore2-libs) and 
`jackson-databind:2.12.0` (in hive-metastore3-libs) are outdated transitive 
dependencies pulled in via `hive-metastore` → `hive-serde` → `hive-common`. 
Aligning them with the project-wide version (2.15.2) keeps the dependency set 
consistent and picks up upstream bug fixes.
   
   Unlike other transitive dependencies that can be simply excluded, 
jackson-databind is used at runtime by `hive-common` (for metrics JSON 
reporting and column stats serialization). Since `HiveClientClassLoader` loads 
these classes in an isolated classloader, Gradle's global version management 
does not apply — `resolutionStrategy.force` is needed to override the 
transitive version within these modules.
   
   Jackson 2.x guarantees backward compatibility across minor versions, and 
only basic stable APIs (`ObjectMapper`, `ObjectReader`, `ObjectWriter`) are 
used by the affected Hive classes.
   
   Fix: #10584 
   
   ### Does this PR introduce _any_ user-facing change?
   
   No.
   
   ### How was this patch tested?
   
   1. Verified build passes for `hive-metastore2-libs`, `hive-metastore3-libs`, 
`hive-metastore-common`, and `catalog-hive`.
   2. Verified tests pass for `hive-metastore-common` and `catalog-hive`.
   3. Confirmed only `jackson-databind-2.15.2.jar` (along with matching 
jackson-core and jackson-annotations) appears in build/libs after a clean build.
   4. Confirmed runtimeClasspath dependency tree resolves `2.6.5` → `2.15.2` 
and `2.12.0` → `2.15.2`.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to