yashmayya opened a new pull request, #18469: URL: https://github.com/apache/pinot/pull/18469
Supersedes #18461, which fails to resolve because in Groovy 3.x `groovy-all` is published as a POM aggregator rather than a fat JAR — Dependabot's pure version bump leaves Maven looking for `groovy-all-3.0.25.jar` on Central, which 404s. Adding `<type>pom</type>` to the dependency declaration resolves it. ## Changes - `pom.xml`: bump `groovy-all` 2.4.21 → 3.0.25, rename property to `groovy.version`, add `<type>pom</type>`. - `pinot-spi/pom.xml`: mirror the `<type>pom</type>` on the consumer declaration. ## Test plan Verified Groovy-touching tests across the affected modules: | Module | Test | Result | |---|---|---| | pinot-spi | `GroovyTemplateUtilsTest`, `IngestionJobLauncherTest` | 10/10 | | pinot-common | (compile-only — no direct tests) | ✓ | | pinot-core | `GroovyFunctionEvaluatorTest`, `SchemaUtilsTest`, `PartitionerTest`, `TransformQueriesTest` | 36/36 | | pinot-broker | `QueryValidationTest` | 5/5 | | pinot-segment-local | `FunctionPackageCompatibilityTest`, `RecordTransformerTest`, `ExpressionTransformerTest`, `IngestionUtilsTest`, `TableConfigUtilsTest`, `SegmentGenerationWithFilterRecordsTest` | 92/92 | 143/143 passing on JDK 21. `SecureASTCustomizer` API surface (`setImportsWhitelist`, `setReceiversWhiteList`, `addExpressionCheckers`, `MethodCallExpression`, `ImportCustomizer`, etc.) is unchanged between Groovy 2.4 and 3.0, and the malicious-script blocklist (System.exit, `.execute()`, metaClass tricks, `PinotAdministrator.main`) continues to be rejected. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
