I have opened https://issues.apache.org/jira/browse/CALCITE-6811 to replace the deprecated Httpclient API calls.
On Wed, Jan 29, 2025 at 10:06 AM Istvan Toth <st...@cloudera.com> wrote: > At least half of those deprecations (and most of the ugliest suppressions) > are related to the old Http Client Configurable interfaces which are not > implemented by anything in our codebase. > > We could either completely remove them (which technically breaks backwards > compatibility with users implementing custom http clients), or un-deprecate > them. > > I would also look at the non-SPNEGO related apache httpclient > deprecations, to see if they can be fixed properly instead of suppressing. > > > > On Tue, Jan 28, 2025 at 6:35 PM Chris Dennis > <chris.w.den...@ibm.com.invalid> wrote: > >> Seemed like a relatively simple mechanical change: >> https://github.com/apache/calcite-avatica/pull/272 >> >> Let me know if anything is inappropriate. Note that due to 1.8 source >> compatibility there’s some fairly ugly FQCN references that cannot be >> avoided. >> >> Chris >> >> From: Julian Hyde <jhyde.apa...@gmail.com> >> Date: Tuesday, January 28, 2025 at 10:33 AM >> To: dev@calcite.apache.org <dev@calcite.apache.org> >> Subject: [EXTERNAL] Re: [DISCUSS] Towards Avatica 1.26.0 >> Why defer 5136? Ignoring deprecation warnings hurt us in the past. We >> logged 5136 so that it wouldn’t happen again. I think it’s ok to suppress >> deprecation warnings that we know are ok, so that we can have the build >> fail if new deprecation warnings occur. >> >> > On Jan 28, 2025, at 4:00 AM, Istvan Toth <st...@apache.org> wrote: >> > >> > Thanks to Stamatis and Chris the JDK23 support is in. >> > >> > According to the 1.26.0 release ticket(CALCITE-6589), there are two more >> > tasks left: >> > * A trivial Guava update >> https://github.com/apache/calcite-avatica/pull/270 >> > * and CALCITE-5136 Avatica build (or CI) must fail if there are >> deprecation >> > warnings >> > >> > Some of the deprecation warnings can only be fixed by brute force >> > suppression, >> > so I'd suggest removing CALCITE-5136 from the 1.26.0 release blockers. >> > >> > Istvan >> > >> >> On Wed, Jan 22, 2025 at 10:54 PM Francis Chuang < >> francischu...@apache.org> >> >> wrote: >> >> >> >> Can community members please help with reviewing this PR? >> >> >> >> https://github.com/apache/calcite-avatica/pull/251 >> >> >> >> It's a pretty big change, your help is much appreciated :) >> >> >> >>> On 17/01/2025 12:48 am, Istvan Toth wrote: >> >>> Thank you @Francis Chuang <francischu...@apache.org> for driving the >> >>> process. >> >>> >> >>> The one remaining non-trivial ticket is CALCITE-6590 for Java23+ >> support. >> >>> >> >>> It was discussed on this thread, and on the ticket. >> >>> I also consider the PR for that ready for review. >> >>> >> >>> >> >>> >> >>> On Sun, Jan 12, 2025 at 9:30 PM Francis Chuang < >> francischu...@apache.org >> >>> >> >>> wrote: >> >>> >> >>>> Hey everyone, >> >>>> Hope you had a great Christmas and New Year! >> >>>> >> >>>> I would like to continue the process of releasing Avatica 1.26.0. Can >> >>>> community members please consider reviewing the following PRs? >> >>>> >> >>>> - https://github.com/apache/calcite-avatica/pull/264 >> >>>> - https://github.com/apache/calcite-avatica/pull/261 >> >>>> - https://github.com/apache/calcite-avatica/pull/257 >> >>>> - https://github.com/apache/calcite-avatica/pull/251 >> >>>> >> >>>> Francis >> >>>> >> >>>> >> >>>> On 22/11/2024 7:54 am, Francis Chuang wrote: >> >>>>> We currently have 7 PRs that needs to be reviewed and merged for >> 1.26.0 >> >>>>> >> >>>>> Can community members please help review them? >> >>>>> >> >>>>> If community members have suggestions for resolving these 2 >> (especially >> >>>>> the gradle issue), it would be much appreciated: >> >>>>> >> >>>>> - https://github.com/apache/calcite-avatica/pull/257 >> >>>>> - https://github.com/apache/calcite-avatica/pull/264 >> >>>>> >> >>>>> On 1/11/2024 11:48 pm, Istvan Toth wrote: >> >>>>>>> >> >>>>>>> checkstyle is only used at runtime. >> >>>>>> >> >>>>>> >> >>>>>> Sorry, I meant build time. >> >>>>>> >> >>>>>> I also opened CALCITE-6661 to update the shadow plugin and asm >> >> library, >> >>>>>> shading Jackson 2.15.4 seems to require it. >> >>>>>> >> >>>>>> Istvan >> >>>>>> >> >>>>>> >> >>>>>> On Thu, Oct 31, 2024 at 9:32 PM Francis Chuang < >> >>>> francischu...@apache.org> >> >>>>>> wrote: >> >>>>>> >> >>>>>>> Thank you for opening these PRs, Istvan. >> >>>>>>> >> >>>>>>> Can someone please review these changes? >> >>>>>>> >> >>>>>>> On 1/11/2024 12:28 am, Istvan Toth wrote: >> >>>>>>>> I have opened the following component update tickets with PRs: >> >>>>>>>> >> >>>>>>>> CALCITE-6656 <https://issues.apache.org/jira/browse/CALCITE-6656 >> > >> >>>>>>>> Update >> >>>>>>>> owasp plugin from 5.2.2 to 10.0.4 in Avatica >> >>>>>>>> CALCITE-6657 <https://issues.apache.org/jira/browse/CALCITE-6657 >> > >> >>>>>>>> Update >> >>>>>>>> checkstyle from 10.3.2 to 10.19.0 in Avatica >> >>>>>>>> CALCITE-6658 <https://issues.apache.org/jira/browse/CALCITE-6658 >> > >> >>>>>>>> Update >> >>>>>>>> Jackson from 2.15.2 to 2.15.4 in Avatica >> >>>>>>>> CALCITE-6659 <https://issues.apache.org/jira/browse/CALCITE-6659 >> > >> >>>>>>>> Update >> >>>>>>>> Jetty from 9.4.44.v20210927 to 9.4.56.v20240826 in Avatica >> >>>>>>>> CALCITE-6660 <https://issues.apache.org/jira/browse/CALCITE-6660 >> > >> >>>>>>>> Update >> >>>>>>>> protobuf-java from 3.21.9 to 3.25.5 in Avatica >> >>>>>>>> >> >>>>>>>> This gets the OWASP plugin working, and updates some of the >> reported >> >>>>>>>> components. >> >>>>>>>> >> >>>>>>>> Jetty and Protobuf are possibly relevant, the Jackson CVE is >> >>>>>>>> disputed and >> >>>>>>>> probably invalid and checkstyle is only used at runtime. >> >>>>>>>> Even the latest Jetty has some CVEs, but there's not much we can >> do >> >>>>>>>> about >> >>>>>>>> that. >> >>>>>>>> >> >>>>>>>> Istvan >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> On Fri, Oct 25, 2024 at 7:44 AM Istvan Toth <st...@cloudera.com> >> >>>> wrote: >> >>>>>>>> >> >>>>>>>>> Re CALCITE-6590, I think we have agreed to go with the >> reflection >> >>>>>>>>> based >> >>>>>>>>> fix, but the PR < >> >> https://github.com/apache/calcite-avatica/pull/251 > >> >>>>>>> has >> >>>>>>>>> not been approved yet. >> >>>>>>>>> I need a review for the PR. >> >>>>>>>>> I have updated the JIRA description to match the solution we >> have >> >>>>>>> chosen. >> >>>>>>>>> >> >>>>>>>>> Istvan >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> On Fri, Oct 25, 2024 at 12:13 AM Francis Chuang < >> >>>>>>> francischu...@apache.org> >> >>>>>>>>> wrote: >> >>>>>>>>> >> >>>>>>>>>> Hey everyone, >> >>>>>>>>>> >> >>>>>>>>>> Just wanted to follow up on the open issues for Avatica 1.26.0. >> >>>>>>>>>> >> >>>>>>>>>> I would like to get the following into this release: >> >>>>>>>>>> - CALCITE-6590 - Run tests with java.security.manager=allow on >> >>>> JDK23+ >> >>>>>>> in >> >>>>>>>>>> Avatica >> >>>>>>>>>> -CALCITE-5136 - Avatica build (or CI) must fail if there are >> >>>>>>> deprecation >> >>>>>>>>>> warnings >> >>>>>>>>>> - CALCITE-6588 - Support JDK 23 and Guava 33.3.0 in Avatica >> >>>>>>>>>> >> >>>>>>>>>> Istvan, can you see if you can wrap up CALCITE-6590, so the >> other >> >> 2 >> >>>>>>>>>> issues can be worked on? >> >>>>>>>>>> >> >>>>>>>>>> Francis >> >>>>>>>>>> >> >>>>>>>>>> On 15/10/2024 3:46 pm, Francis Chuang wrote: >> >>>>>>>>>>> Now that Calcite 1.38.0 has been released, I think it's time >> to >> >>>>>>>>>>> start >> >>>>>>>>>>> the release process for Avatica 1.26.0. >> >>>>>>>>>>> >> >>>>>>>>>>> For starters, I would like to see CALCITE-6590 [1] in this >> >> release. >> >>>>>>>>>>> >> >>>>>>>>>>> Are there any other changes the community would like to see in >> >> this >> >>>>>>>>>>> release? >> >>>>>>>>>>> >> >>>>>>>>>>> I also note that we have 12 other open PRs that could >> potentially >> >>>> be >> >>>>>>>>>>> reviewed and merged. >> >>>>>>>>>>> >> >>>>>>>>>>> Francis >> >>>>>>>>>>> >> >>>>>>>>>>> [1] https://github.com/apache/calcite-avatica/pull/251 >> >>>>>>>>>>> >> >>>>>>>>>>> On 21/09/2024 9:54 am, Julian Hyde wrote: >> >>>>>>>>>>>>> Apache Pig hasn't released a new version for a long time. >> >>>>>>>>>>>> >> >>>>>>>>>>>> We should consider removing the Pig adapter at some point. >> >>>>>>>>>>>> >> >>>>>>>>>>>> Also upgrade the Spark adapter to a version that uses Hadoop >> 3.x >> >>>>>>>>>>>> rather than Hadoop 2.x. >> >>>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> -- >> >>>>>>>>> *István Tóth* | Sr. Staff Software Engineer >> >>>>>>>>> *Email*: st...@cloudera.com >> >>>>>>>>> cloudera.com <https://www.cloudera.com > >> >>>>>>>>> [image: Cloudera] <https://www.cloudera.com/ > >> >>>>>>>>> [image: Cloudera on Twitter] <https://twitter.com/cloudera > >> >> [image: >> >>>>>>>>> Cloudera on Facebook] <https://www.facebook.com/cloudera > >> [image: >> >>>>>>>>> Cloudera on LinkedIn] < >> https://www.linkedin.com/company/cloudera > >> >>>>>>>>> ------------------------------ >> >>>>>>>>> ------------------------------ >> >>>>>>>>> >> >>>>>>>> >> >>>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>> >> >>>>> >> >>>> >> >>>> >> >>> >> >> >> >> >> > > > -- > *István Tóth* | Sr. Staff Software Engineer > *Email*: st...@cloudera.com > cloudera.com <https://www.cloudera.com> > [image: Cloudera] <https://www.cloudera.com/> > [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: > Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: > Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> > ------------------------------ > ------------------------------ > -- *István Tóth* | Sr. Staff Software Engineer *Email*: st...@cloudera.com cloudera.com <https://www.cloudera.com> [image: Cloudera] <https://www.cloudera.com/> [image: Cloudera on Twitter] <https://twitter.com/cloudera> [image: Cloudera on Facebook] <https://www.facebook.com/cloudera> [image: Cloudera on LinkedIn] <https://www.linkedin.com/company/cloudera> ------------------------------ ------------------------------
