[DCJ-400] Minor and patch dependency updates, inc. Spring Boot 3.2.4 -> 3.3.2 #1767
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
And Spring Dependency Manager 1.1.4 -> 1.1.6. Removed Spring Boot dependency overrides for transitive dependency vulnerabilities that are no longer needed. Removed dependency version specifications that can be derived from Spring Dependency Manager.
Fix breaking change: TableResult class is now abstract, we now use its builder to instantiate.
…r conflict Inspired by https://discuss.gradle.org/t/plugin-dependency-conflict-with-jib-and-srcclr/42355 Upgrade jib plugin to latest.
Was one patch version short previously.
okotsopoulos
added
dependency
org.antlr:ST4 4.3 -> 4.3.4 org.antlr:antlr4 4.8 -> 4.13.2
Both 5.2.0 -> 5.14.0: net.javacrumbs.shedlock:shedlock-provider-jdbc-template net.javacrumbs.shedlock:shedlock-spring
Address breaking change. getPao method now takes an additional argument: includeDeleted - Include deleted policy attribute objects in the response. Defaults to false.
… 1.45.0-SNAPSHOT Fix breaking change and make unit test stubs more precise.
Dependabot will try to do it anyway!
Addresses Sentry's 'Incompatible Spring Boot Version detected!' warning, following https://docs.sentry.io/platforms/java/guides/spring-boot/#install
Removed unused org.apache.hadoop dependencies hadoop-azure and hadoop-mapreduce-client-core. Needed to exclude the competing logback implementation for unit tests to pass. Otherwise they were failing with the following error: Caused by: java.lang.IllegalArgumentException: LoggerFactory is not a Logback LoggerContext but Logback is on the classpath. Either remove Logback or the competing implementation (class org.slf4j.reload4j.Reload4jLoggerFactory loaded from file:/Users/okotsopo/.gradle/caches/modules-2/files-2.1/org.slf4j/slf4j-reload4j/2.0.13/e8de9f981349fee84f8d708cd0ed2337d193faed/slf4j-reload4j-2.0.13.jar). If you are using WebLogic you will need to add 'org.slf4j' to prefer-application-packages in WEB-INF/weblogic.xml: org.slf4j.reload4j.Reload4jLoggerFactory
Used for Pact contract tests.
It was previously needed for logback, but we use XML now (logback hasn't supported groovy since 2021: https://logback.qos.ch/news.html#1.2.9)
okotsopoulos
changed the title
okotsopoulos
commented
Aug 7, 2024
| @@ -162,19 +162,13 @@ configurations { | |||
| runtimeClasspath | |||
| } | |||
|
|
|||
| // Spring Boot 3.2.4 pulls in opentelemetry-bom 1.31.0. | |||
| // It must have version >= 1.34.1 for compatibility with terra-common-lib 1.1.10: | |||
| ext['opentelemetry.version'] = '1.36.0' | |||
okotsopoulos
commented
Aug 7, 2024
| // It must have version >= 1.34.1 for compatibility with terra-common-lib 1.1.10: | ||
| ext['opentelemetry.version'] = '1.36.0' | ||
| // Spring Boot 3.2.4 pulls in io.netty:netty-bom 4.1.107.Final which is impacted by CVE-2024-29025. | ||
| ext['netty.version'] = '4.1.108.Final' |
There was a problem hiding this comment.
Now 4.1.111.Final.
okotsopoulos
commented
Aug 7, 2024
|
|
||
| // Need groovy on the class path for the logback config. Could use XML and skip this dependency, |
There was a problem hiding this comment.
We use XML now, and logback hasn't supported groovy since 2021: https://logback.qos.ch/news.html#1.2.9
… test SnapshotExportIntegrationTest.snapshotGsPathExportTest failed without it.
|
okotsopoulos
requested review from
rushtong and
fboulnois
and removed request for
a team
snf2ye
approved these changes
Aug 8, 2024
pshapiro4broad
approved these changes
Aug 8, 2024
| testImplementation ('org.apache.hadoop:hadoop-common:3.3.1') { | ||
| implementation 'io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations:2.6.0' | ||
|
|
||
| testImplementation 'org.apache.parquet:parquet-common:1.14.1' |
There was a problem hiding this comment.
For repeated values like this we could use a variable
dependencies {
ext {
parquet = '1.14.1'
}
testImplementation "org.apache.parquet:parquet-common:${parquet}"
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jira ticket: https://broadworkbench.atlassian.net/browse/DCJ-400
Addresses
Minor and patch dependency updates, which should take care of most of the updates proposed in #1763 (TDR's first grouped Dependabot PR) and triangulate on remaining troublesome ones.
I broke up my changes into logical commits for easier review.
Summary of changes
26.30.026.43.04.26.04.29.14.34.3.45.2.05.14.05.2.05.14.01.0.11-SNAPSHOT1.0.15-SNAPSHOT1.3.0-SNAPSHOT1.45.0-SNAPSHOT2.15.32.15.32.15.31.11.11.13.22.34.02.41.012.24.112.26.012.18.112.20.012.3.1812.4.32.2.02.6.01.12.01.14.11.12.01.14.11.12.01.14.11.12.01.14.11.12.01.14.13.3.13.4.03.3.13.3.13.4.04.3.194.6.124.3.194.6.124.84.13.23.0.74.7.54.7.62.5.02.5.12.0.62.0.73.2.03.4.31.5.81.5.103.2.43.3.21.1.41.1.62.4.12.4.2Testing Strategy