twalthr opened a new pull request #16012: URL: https://github.com/apache/flink/pull/16012
## What is the purpose of the change Some security tools complain that the Guava version in Hive has known vulnerabilities. Also, as seen in the JIRA issue, users are complaining about the Guava version clashing with Hadoop 3.3. There a couple of guides that simply suggest to replace the Guava version: https://kontext.tech/column/hadoop/561/apache-hive-312-installation-on-linux-guide http://www.mtitek.com/tutorials/bigdata/hive/install.php Of course this is not officially supported. But by excluding Guava in our SQL connector JARs we make both security scanning tools and partially users happy. Apparently, Guava classes are still present in the JAR after exclusion (some issue on the Hive side?) therefore we additionally relocate them and have a high chance that Hive fully works after this change. The issue should be solved after Hive 4.0.0. ## Brief change log Rely on the Hadoop's Guava + relocate non-excluded Guava classes. ## Verifying this change This change is a trivial rework / code cleanup without any test coverage. ## Does this pull request potentially affect one of the following parts: - Dependencies (does it add or upgrade a dependency): yes - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: no - The serializers: no - The runtime per-record code paths (performance sensitive): no - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn/Mesos, ZooKeeper: no - The S3 file system connector: no ## Documentation - Does this pull request introduce a new feature? no - If yes, how is the feature documented? not applicable -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
