Open shrede01 opened 3 months ago
@mario-guerra could you assist in routing this Microsoft Batch SDK issue reported by @shrede01 please?
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @bgklein @cRui861 @dpwatrous @gingi @mksuni @mscurrell @paterasMSFT.
Adding @dpwatrous. Dave, this looks like another dependency issue that could potentially be resolved by the Track 2 preview release. What do you think?
This is a dependency of com.microsoft.rest:client-runtime
so the Batch team can't fix it directly. However, as @mario-guerra mentioned, we are working on releasing a new Batch SDK which is based on the modern, supported com.azure:azure-*
libraries.
We're hoping to have a preview release out this month. I will update this issue as soon as it is published.
Update: We have a beta version of the new SDK package (azure-compute-batch) available on Maven Central. This version is based on the latest core SDK libraries, and should resolve the Guava conflict.
Our application has dependency on guava 33.1.0-jre, but this application also needs to leverage batch sdk('com.microsoft.azure:azure-batch:11.0.0') to interact with the azure batch account. Since batch uses guava version 20, and our application relies on higher version, when trying to hit batch api we are getting into issues like:
And as we can see from dependency tree seems like the client runtime is the one pulling in the old version of dependency:
+--- com.microsoft.azure:azure-batch:11.0.0 | +--- com.microsoft.azure:azure-client-runtime:1.7.14 | | --- com.microsoft.rest:client-runtime:1.7.14 | | +--- com.google.guava:guava:20.0
Now from https://github.com/Azure/azure-sdk-for-java/issues/29586 I understand the need to support java 7, but could we not introduce a cut off version or a new version that supports using latest version of guava and hence along with it fix security vulnerabilities.
Until this is resolved we are forced to use guava 20 in our application which raises red flag with our devOps/security team to deploy the app.