我正在做一個 scala spark 專案。我正在使用以下依賴項:
libraryDependencies =
Seq(
"org.apache.spark" %% "spark-core" % "2.2.0" ,
"org.apache.spark" %% "spark-sql" % "2.2.0" ,
"org.apache.spark" %% "spark-hive" % "2.2.0"
),
scalaVersion 設定為:
ThisBuild / scalaVersion := "2.11.8"
我得到以下錯誤:
[error] sbt.librarymanagement.ResolveException: unresolved dependency: org.apache.logging.log4j#log4j-api;2.11.1: Resolution failed several times for dependency: org.apache.logging.log4j#log4j-api;2.11.1 {compile=[compile(*), master(*)], runtime=[runtime(*)]}::
[error] typesafe-ivy-releases: unable to get resource for org.apache.logging.log4j#log4j-api;2.11.1: res=https://repo.typesafe.com/typesafe/ivy-releases/org.apache.logging.log4j/log4j-api/2.11.1/ivys/ivy.xml: java.io.IOException: Unexpected response code for CONNECT: 403
[error] sbt-plugin-releases: unable to get resource for org.apache.logging.log4j#log4j-api;2.11.1: res=https://repo.scala-sbt.org/scalasbt/sbt-plugin-releases/org.apache.logging.log4j/log4j-api/2.11.1/ivys/ivy.xml: java.io.IOException: Unexpected response code for CONNECT: 403
安全團隊已聯系我們洗掉易受攻擊的 log4j-core jar。之后,將其用作傳遞依賴項的專案失敗了。
有沒有辦法只升級 log4j 版本而不升級 scala 或 spark 版本?這應該是我可以強制編譯器不獲取易受攻擊的先前版本的 log4j-core jar 并在其位置可以使用不易受攻擊的 2.17.2 版本的方式。
我努力了 :
dependencyOverrides = "org.apache.logging.log4j" % "log4j-core" % "2.17.2"
我在 sbt 中也有 excludeAll 選項和 spark 依賴項,但兩種解決方案都沒有為我解決。
uj5u.com熱心網友回復:
我剛剛做了一些更新:
在我的 sbt 專案中添加了以下設定:

更新了以下設定以使用更新的版本:分別在 build.properties 和 assembly.sbt
sbt.version=1.6.2
addSbtPlugin("com.eed3si9n" % "sbt-assembly" % "1.1.0")
在頂部添加了 log4j 依賴項,以便任何傳遞依賴項現在都可以使用更新的版本。
下面給出的是我的一個專案的示例片段:
name := "project name"
version := "0.1"
scalaVersion := "2.11.8"
assemblyJarName in assembly := s"${name.value}-${version.value}.jar"
assemblyShadeRules in assembly := Seq(
ShadeRule.rename("com.google.**" -> "shaded.@1").inAll
)
lazy val root = (project in file(".")).settings(
test in assembly := {}
)
libraryDependencies = "org.apache.logging.log4j" % "log4j-core" % "2.17.2"
libraryDependencies = "org.apache.logging.log4j" % "log4j-api" % "2.17.2"
libraryDependencies = "org.apache.logging.log4j" % "log4j-slf4j-impl" % "2.17.2"
libraryDependencies = "org.apache.spark" %% "spark-sql" % "2.2.0" % "provided"
libraryDependencies = "org.apache.spark" %% "spark-mllib" % "2.2.0" % "provided"
libraryDependencies = "org.scalatest" %% "scalatest" % "3.0.0" % "test"
libraryDependencies = "com.typesafe" % "config" % "1.3.1"
libraryDependencies = "org.scalaj" %% "scalaj-http" % "2.4.0"
僅在依賴項之間存在沖突的情況下才應提供以下內容:
assemblyMergeStrategy in assembly := {
case PathList("META-INF", xs @ _*) => MergeStrategy.discard
case PathList("org", "slf4j", xs@_*) => MergeStrategy.first
case x => MergeStrategy.first
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/493056.html
