mateusaubin opened a new pull request, #1101: URL: https://github.com/apache/arrow-java/pull/1101
## Summary - Reverts dependabot bump b8b597a0 that upgraded Derby from `10.15.2.0` to `10.17.1.0` - Derby 10.17.1.0 requires Java 19+ due to use of restricted `sun.misc.Unsafe` APIs — breaks builds on our current JDK target - No backport has been released by Derby maintainers (fix exists in repo but was never shipped); Derby is effectively unmaintained ## Context Derby is a **test-scope only** dependency in `flight/flight-sql` — it is not shipped to users. This was discussed in the daily sync and needs to be annotated in Vanta accordingly. ## Options considered | Option | Notes | |--------|-------| | ✅ **Revert (this PR)** | Unblocks builds immediately; accept risk given test-scope | | Remove Derby + disable tests | Cleaner long-term if we don't need it | | Replace with H2 | More actively maintained embedded DB | | Manage our own Derby `10.16.1.2` release | Full control but high maintenance burden | | Upgrade arrow-java/JDBC to JDK-21 | Would allow keeping `10.17.1.0`; larger scope change | ## Follow-up - [ ] Annotate in Vanta: test-scope dependency, originates from upstream arrow-java fork, not shipped to users - [ ] Decide long-term Derby strategy (see options above) ## Test plan - [ ] Build passes on current JDK target after revert - [ ] `flight/flight-sql` tests pass with Derby `10.15.2.0` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
