Description
Original Issue: apache#9558
Describe the bug
I tried updating pulsar to use latest bookkeeper (4.13 from master) and the same version of grpc that BK uses now and noticed that pulsar relies on maven to figure out dependency version to use.
It is not alway possible to do so safely. I.e. BK needs specific (not latest) version of grpc for the etcd client to work etc., pulsar might have similar issues.
What I noticed so far is:
pulsar uses netty 4.51, BK uses 4.50
pulsar uses grpc 1.18, BK - 1.33
pulsar uses netty-tc-native 2.0.33, BK - 2.0.31
these seem easy to update dlg99@624ca66 - build did not break, tests failed locally before these changes i didn't try dealing with the tests.
Pulsar uses Zookeeper 3.5.7, BK uses 3.6.2.
upgrade is not trivial, apache#8590 tackles this
Pulsar uses older version of prometheus and protobuf, newer version of jna.
I didn't try updating those.
there are possibly other differences that missed.
To Reproduce
compare dependency versions in pom files of bookkeeper and pulsar
Expected behavior
automated check for the difference in expected dependency versions?
Bring dependencies to the same versions - decide what to upgrade, what to downgrade.
Decide on the process to keep them in sync.
"The gRPC team recommends always using Maven Enforcer's requireUpperBoundDeps to detect when Maven is poorly choosing versions" https://stackoverflow.com/a/59884856