@pan3793 pan3793 commented Oct 20, 2025

What changes were proposed in this pull request?

As title, bump Avro to the latest patched version (contains security fixes).

Why are the changes needed?

Release Notes are available at apache/avro#3518

Does this PR introduce any user-facing change?

No.

How was this patch tested?

Pass GHA.

Was this patch authored or co-authored using generative AI tooling?

No.

@pan3793 pan3793 marked this pull request as draft October 20, 2025 13:22

pan3793 commented Oct 20, 2025

I'm not sure if there are some bugs in sbt-pom-reader. I manually checked the output of build/sbt dependencyTree and ensured there is no jackson-databind:2.20.0, but the test fails consistently with:

$ build/sbt -Phive "hive/testOnly org.apache.spark.sql.hive.JavaDataFrameSuite"
...
[error] Caused by: java.lang.ExceptionInInitializerError: Exception com.fasterxml.jackson.databind.JsonMappingException: Scala module 2.19.2 requires Jackson Databind version >= 2.19.0 and < 2.20.0 - Found jackson-databind version 2.20.0 [in thread "pool-1-thread-1"]
[error]     at com.fasterxml.jackson.module.scala.JacksonModule.setupModule(JacksonModule.scala:61)
[error]     at com.fasterxml.jackson.module.scala.JacksonModule.setupModule$(JacksonModule.scala:46)
[error]     at com.fasterxml.jackson.module.scala.DefaultScalaModule.setupModule(DefaultScalaModule.scala:17)
[error]     at com.fasterxml.jackson.databind.ObjectMapper.registerModule(ObjectMapper.java:909)
[error]     at org.apache.spark.rdd.RDDOperationScope$.<clinit>(RDDOperationScope.scala:82)
[error]     ... 15 more
[info] Test run finished: 2 failed, 0 ignored, 2 total, 4.527s
[error] Failed: Total 2, Failed 2, Errors 0, Passed 0
[error] Failed tests:
[error] 	org.apache.spark.sql.hive.JavaDataFrameSuite
[error] (Test / testOnly) sbt.TestsFailedException: Tests unsuccessful
[error] Total time: 42 s, completed Oct 20, 2025, 10:32:36 PM

I haven't figured out the root causes. Instead, I tried another approach (#52668) to manage the Jackson deps, and it solves the issue.
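Added example, not part of the PR or of Spark's build: a Python check that applies the version rule quoted in the error message above to the jar file names actually present on a classpath, reporting duplicate versions and a jackson-databind outside the minor line of jackson-module-scala. The function names and sample jar paths are constructed, and generalising the rule from that one error message (same major.minor line) is an assumption.

```python
import re

# Matches jackson-databind-2.20.0.jar and jackson-module-scala_2.13-2.19.2.jar
JAR_RE = re.compile(
    r"(jackson-databind|jackson-module-scala)(?:_[\d.]+)?-(\d+)\.(\d+)\.(\d+)\.jar$"
)

def jackson_versions(jar_paths):
    """Collect the versions of each artifact found among the jar paths."""
    found = {"jackson-databind": set(), "jackson-module-scala": set()}
    for path in jar_paths:
        m = JAR_RE.search(path)
        if m:
            found[m.group(1)].add(tuple(int(g) for g in m.group(2, 3, 4)))
    return found

def fmt(version):
    return ".".join(map(str, version))

def find_skew(jar_paths):
    """Return a sorted list of problems; empty means the set is consistent."""
    found = jackson_versions(jar_paths)
    problems = []
    for name, versions in found.items():
        if len(versions) > 1:
            listed = ", ".join(fmt(v) for v in sorted(versions))
            problems.append(f"{name}: multiple versions present: {listed}")
    for scala in found["jackson-module-scala"]:
        # Assumed rule: databind must stay within the module's major.minor line.
        low, high = (scala[0], scala[1], 0), (scala[0], scala[1] + 1, 0)
        for databind in found["jackson-databind"]:
            if not low <= databind < high:
                problems.append(
                    f"jackson-module-scala {fmt(scala)} requires jackson-databind "
                    f">= {fmt(low)} and < {fmt(high)}, found {fmt(databind)}"
                )
    return sorted(problems)

# Constructed sample inputs (not taken from the Spark build).
MIXED = [
    "jars/jackson-module-scala_2.13-2.19.2.jar",
    "jars/jackson-databind-2.19.2.jar",
    "jars/jackson-databind-2.20.0.jar",
]
ALIGNED = MIXED[:2]

if __name__ == "__main__":
    for problem in find_skew(MIXED):
        print(problem)
```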

@dongjoon-hyun

Thank you, @pan3793. Yes, let's try #52668 first.

@dongjoon-hyun

I merged the following. Could you rebase this PR once more, @pan3793?

@pan3793 pan3793 marked this pull request as ready for review October 21, 2025 17:28

pan3793 commented Oct 21, 2025

@dongjoon-hyun I rebased on master and verified that the test which failed previously now works:

$ build/sbt -Phive "hive/testOnly org.apache.spark.sql.hive.JavaDataFrameSuite"
...
[info] Test org.apache.spark.sql.hive.JavaDataFrameSuite#saveTableAndQueryIt() started
[info] Test run finished: 0 failed, 0 ignored, 2 total, 5.609s
[info] Passed: Total 2, Failed 0, Errors 0, Passed 2
[success] Total time: 275 s (0:04:35.0), completed Oct 22, 2025, 1:27:51 AM

Let's wait for the CI result.

BTW, this Avro release seems to have security fixes. Do you think we should backport this to branch-4.0? If so, the Jackson BOM PR should be backported first.

@dongjoon-hyun dongjoon-hyun left a comment

+1, LGTM. Thank you, @pan3793.

Merged to master for Apache Spark 4.1.0-preview3.

Yicong-Huang pushed a commit to Yicong-Huang/spark that referenced this pull request Oct 30, 2025
### What changes were proposed in this pull request?

As title, bump Avro to the latest patched version (contains security fixes).

### Why are the changes needed?

Release Notes are available at apache/avro#3518

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?

Pass GHA.

### Was this patch authored or co-authored using generative AI tooling?

No.

Closes apache#52664 from pan3793/SPARK-53954.

Authored-by: Cheng Pan <chengpan@apache.org>
Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>