prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0

Presto using older versions for multiple packages. | Issue integrating secrets manager with presto code. #18945

Open Joffin-johnson opened 1 year ago

Joffin-johnson commented 1 year ago

Presto using older versions for multiple packages. | Issue integrating secrets manager with presto code.

I am trying to integrate IBM Secrets Manager with the Presto code. To do so, I need to add some dependencies to the presto-main package.

Presto version: 0.278


```xml
<groupId>com.ibm.cloud</groupId>
<artifactId>secrets-manager</artifactId>
<artifactId>sdk-core</artifactId>
```

While trying to build the code, I was able to see transitive dependencies on com.squareup.okhttp3:okhttp, com.squareup.okhttp3:okhttp-urlconnection, commons-codec:commons-codec.

Sharing error snippet:

```
Failed while enforcing RequireUpperBoundDeps. The error(s) are [ Require upper bound dependencies error for com.squareup.okhttp3:okhttp:3.9.0 paths to dependency are:

+-com.facebook.presto:presto-main:0.278.1-SNAPSHOT
 +-com.facebook.presto:presto-client:0.278.1-SNAPSHOT
  +-com.squareup.okhttp3:okhttp:3.9.0
and
+-com.facebook.presto:presto-main:0.278.1-SNAPSHOT
 +-com.ibm.cloud:secrets-manager:1.0.57
  +-com.ibm.cloud:sdk-core:9.17.4
   +-com.squareup.okhttp3:okhttp:3.9.0 (managed) <-- com.squareup.okhttp3:okhttp:4.10.0
and
+-com.facebook.presto:presto-main:0.278.1-SNAPSHOT
 +-com.facebook.presto:presto-client:0.278.1-SNAPSHOT
  +-com.squareup.okhttp3:okhttp-urlconnection:3.9.0
   +-com.squareup.okhttp3:okhttp:3.9.0 (managed) <-- com.squareup.okhttp3:okhttp:4.10.0
and
+-com.facebook.presto:presto-main:0.278.1-SNAPSHOT
 +-com.ibm.cloud:secrets-manager:1.0.57
  +-com.ibm.cloud:sdk-core:9.17.4
   +-com.squareup.okhttp3:logging-interceptor:4.10.0
    +-com.squareup.okhttp3:okhttp:3.9.0 (managed) <-- com.squareup.okhttp3:okhttp:4.10.0
```

1. Is there any strategy/steps defined in the Presto community to resolve transitive dependencies?
2. Will these packages be upgraded to a newer version in near-future releases?

rohanpednekar commented 1 year ago

Just to make a note here, usually we have seen users do shading of dependencies in case of dependency issues during these types of integrations. There are no active PRs at this moment to upgrade these packages to a newer version. However, if you can upgrade the version and open a PR for us, we will get it merged.

Also, feel free to attend the monthly TSC meetings to bring up these kinds of issues.
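
The shading approach mentioned in the reply above, sketched as an added example that is not from the thread or the Presto project: a `pom.xml` fragment for a hypothetical wrapper module that bundles the IBM SDK with a relocated okhttp 4.10.0, so presto-main keeps its managed 3.9.0. The module itself and the `example.shaded` package prefix are assumptions; the coordinates and versions are the ones in the enforcer output.

```xml
<!-- Added example: pom.xml fragment for a hypothetical wrapper module.
     The module layout and the example.shaded prefix are assumptions. -->
<dependencies>
  <dependency>
    <groupId>com.ibm.cloud</groupId>
    <artifactId>secrets-manager</artifactId>
    <version>1.0.57</version>
  </dependency>
  <!-- An explicit version overrides the managed 3.9.0 inside this module only -->
  <dependency>
    <groupId>com.squareup.okhttp3</groupId>
    <artifactId>okhttp</artifactId>
    <version>4.10.0</version>
  </dependency>
</dependencies>
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-shade-plugin</artifactId>
      <executions>
        <execution>
          <phase>package</phase>
          <goals><goal>shade</goal></goals>
          <configuration>
            <!-- Bundle the SDK with its HTTP stack so relocation rewrites the SDK's own references -->
            <artifactSet>
              <includes>
                <include>com.ibm.cloud:*</include>
                <include>com.squareup.okhttp3:*</include>
                <include>com.squareup.okio:*</include>
              </includes>
            </artifactSet>
            <relocations>
              <relocation>
                <pattern>okhttp3</pattern>
                <shadedPattern>example.shaded.okhttp3</shadedPattern>
              </relocation>
              <relocation>
                <pattern>okio</pattern>
                <shadedPattern>example.shaded.okio</shadedPattern>
              </relocation>
            </relocations>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The shade plugin writes a dependency-reduced POM by default, so the bundled artifacts are not passed on to presto-main as transitive dependencies. Shaded copies are invisible to dependency-version tooling, so the bundled okhttp version has to be tracked and patched by whoever owns the wrapper module.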