+1 with moving Cassandra et al. to their own repo On Tue, 26 Apr 2022, 20:48 Ralph Goers <[email protected]> wrote:
> I really think Cassandra should move to its own repo. We probably need > 2 modules - one for Cassandra 3 and one for 4. For reference, here are > the download stats for last month. > > log4j-api 20818654 0.27623504 > log4j-bom 20505054 0.27207401 > log4j-core 10632456 0.14107814 > log4j-to-slf4j 10417835 0.13823041 > log4j-slf4j-impl 6187291 0.08209689 > log4j-1.2-api 1677720 0.02226105 > log4j-web 1307038 0.01734261 > log4j-jul 1185935 0.01573573 > log4j 1082051 0.01435734 > log4j-jcl 557238 0.00739379 > log4j-slf4j18-impl 258866 0.0034348 > log4j-iostreams 200289 0.00265756 > log4j-layout-template-json 169752 0.00225238 > log4j-appserver 138481 0.00183745 > log4j-api-scala_2.12 71156 9.44E-04 > log4j-api-kotlin 22779 3.02E-04 > log4j-api-scala_2.11 15613 2.07E-04 > log4j-taglib 14570 1.93E-04 > log4j-flume-ng 13060 1.73E-04 > log4j-nosql 11705 1.55E-04 > log4j-jmx-gui 11697 1.55E-04 > log4j-couchdb 10391 1.38E-04 > log4j-liquibase 9430 1.25E-04 > log4j-spring-boot 8042 1.07E-04 > log4j-api-scala_2.13 7041 9.34E-05 > log4j-spring-cloud-config-client 4735 6.28E-05 > log4j-jpa 3303 4.38E-05 > log4j-kubernetes 2771 3.68E-05 > log4j-docker 2644 3.51E-05 > log4j-jpl 2376 3.15E-05 > log4j-cassandra 2186 2.90E-05 > log4j-mongodb3 2186 2.90E-05 > log4j-osgi 1895 2.51E-05 > log4j-jdbc-dbcp2 1757 2.33E-05 > log4j-mongodb4 1489 1.98E-05 > log4j-mongodb2 1008 1.34E-05 > log4j-jakarta-web 682 9.05E-06 > log4j-audit-parent 507 6.73E-06 > slf4j-impl 488 6.48E-06 > log4j-audit 439 5.82E-06 > log4j-catalog 436 5.79E-06 > log4j-catalog-api 427 5.67E-06 > log4j-audit-api 422 5.60E-06 > log4j-api-scala_2.10 292 3.87E-06 > log4j-spring-cloud-config 186 2.47E-06 > log4j-catalog-jpa 149 1.98E-06 > log4j-catalog-git 147 1.95E-06 > log4j12-api 135 1.79E-06 > log4j-catalog-editor 128 1.70E-06 > log4j-audit-war 124 1.65E-06 > log4j-audit-maven-plugin 123 1.63E-06 > log4j-to-jul 114 1.51E-06 > log4j-core-its 98 1.30E-06 > log4j-mongodb 92 1.22E-06 > log4j-perf 62 8.23E-07 > log4j-api-kotlin-benchmark 56 7.43E-07 > log4j-api-kotlin-sample 55 7.30E-07 > log4j-api-kotlin-parent 47 6.24E-07 > log4j-scala 14 1.86E-07 > > Ralph > > > On Apr 26, 2022, at 5:40 PM, Matt Sicker <[email protected]> wrote: > > > > * Agreed on servlet API. > > * Cassandra does need to be upgraded to at least 3.x, though there's > > also 4.x out now with a slightly different API which might make sense > > as a separate module from Cassandra 3.x support > > * Felix can likely be bumped to something more recent. We could > > potentially update the OSGi dependency, too, to match this, but not as > > big a deal. > > * There are multiple OSGi Maven plugins; it's possible that the one > > we're using has fallen out of favor. I remember https://bndtools.org > > being one of the sort of canonical OSGi build tools project, and > > there's a Maven plugin for it. > > > > On Mon, Apr 25, 2022 at 2:20 PM Piotr P. Karwasz > > <[email protected]> wrote: > >> > >> Hello, > >> > >> Dependabot has reached the maximum number of PRs allowed by its > >> configuration, so I believe it is spring cleaning time. > >> > >> Some actions are no brainers: > >> > >> * `javax.servlet-api` ( > https://github.com/apache/logging-log4j2/pull/803) > >> should stay at 3.0, since we don't use features from higher version, > >> * `cassandra-all` 2.2.8 ( > https://github.com/apache/logging-log4j2/pull/817) > >> is unsupported and has 2 vulnerabilities. We should switch to 3.0.26, > >> although this requires some code changes. Do we need to do it before > 2.18.0? > >> > >> Other 'bumps' require IMHO some discussion: > >> > >> * `org.apache.felix.framework` is used only for testing. Should we > switch > >> to a newer version? > >> * `maven-bundle-plugin`: documentation seems to be stuck at 4.2.1, while > >> the implementation reached 5.1.4. Do we need to upgrade? > >> > >> Piotr > >
