[JENKINS-41631, JENKINS-40088, JENKINS-43715, JENKINS-40979] - Update Stapler and Enforce upper bound deps #2956
Conversation
|
This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation. |
| @@ -95,6 +95,12 @@ THE SOFTWARE. | |||
| <dependency> | |||
| <groupId>com.google.inject</groupId> | |||
| <artifactId>guice</artifactId> | |||
| <exclusions> | |||
| <exclusion> <!-- TODO it seems to want Guava 16; apparently it manages to run against 11 --> | |||
There was a problem hiding this comment.
What could possibly go wrong? :(
There was a problem hiding this comment.
Well, we are already doing it—this just makes it apparent.
| <exclusions> | ||
| <exclusion> <!-- pick up from Stapler --> | ||
| <groupId>com.google.code.findbugs</groupId> | ||
| <artifactId>jsr305</artifactId> |
There was a problem hiding this comment.
Maybe it's safer to just define the newest version in this POM instead of adding exclusions
There was a problem hiding this comment.
Maybe. Not used at runtime anyway, so probably does not matter.
| @@ -53,7 +53,7 @@ THE SOFTWARE. | |||
| <dependency> | |||
| <groupId>${project.groupId}</groupId> | |||
| <artifactId>jenkins-test-harness</artifactId> | |||
| <version>2.20</version> | |||
| <version>2.23</version> | |||
There was a problem hiding this comment.
Unrelated to this change, I'd guess
There was a problem hiding this comment.
It is, to catch jenkinsci/jenkins-test-harness#62 which indeed got released as 2.23.
| @@ -239,6 +263,23 @@ THE SOFTWARE. | |||
| <skip>true</skip> | |||
| </configuration> | |||
| </plugin> | |||
| <plugin> <!-- TODO pending JENKINS-45271 fix, would be best to finish moving MavenModuleSet-specific tests to maven-plugin and delete the test dep here --> | |||
There was a problem hiding this comment.
Yeah, needs fix asap. OTOH, how many MavenPlugin-dependent tests do we have in the core? Maybe we should just move them elsewhere and remove the dependency.
There was a problem hiding this comment.
There are a bunch. I do think it would be wise to move them to maven-plugin and delete the dep. I just did not want to take it on in this PR; would confuse the issue too much.
There was a problem hiding this comment.
Could you please create a follow-up ticket for it?
| @@ -87,7 +87,7 @@ THE SOFTWARE. | |||
| <patch.tracker.serverId>jenkins-jira</patch.tracker.serverId> | |||
|
|
|||
| <guavaVersion>11.0.1</guavaVersion> | |||
| <slf4jVersion>1.7.7</slf4jVersion> <!-- < 1.6.x version didn't specify the license (MIT) --> | |||
| <slf4jVersion>1.7.25</slf4jVersion> | |||
There was a problem hiding this comment.
👍 been hit by this recently and this improvement shows it's worth it to avoid JENKINS-41631 being too much of a nightmare when it starts reaching plugins (I think now it's still so recent that only very few ever tried, or reverted it seeing that new error).
There was a problem hiding this comment.
Yes the intent here (together with the plugin-pom PR) was to allow a plugin using “newest everything” to build without warnings.
| @@ -53,7 +53,7 @@ THE SOFTWARE. | |||
| <dependency> | |||
| <groupId>${project.groupId}</groupId> | |||
| <artifactId>jenkins-test-harness</artifactId> | |||
| <version>2.20</version> | |||
| <version>2.23</version> | |||
There was a problem hiding this comment.
It is, to catch jenkinsci/jenkins-test-harness#62 which indeed got released as 2.23.
|
And so 🐝 for the tooling to catch up. |
There was a problem hiding this comment.
🐝 , a follow-up JIRA ticket for Maven Project tests is required. I or probably @aheritier will do it once we are around
|
@reviewbybees done |
oleg-nenashev
added
needs-more-reviews
|
This pull request has completed our internal processes and we now respectfully request the maintainers of this repository to consider our proposal contained within this pull request for merging. |
|
Blocked pending @oleg-nenashev’s re-review of upstream PR. |
| @@ -39,7 +39,7 @@ THE SOFTWARE. | |||
|
|
|||
| <properties> | |||
| <staplerFork>true</staplerFork> | |||
| <stapler.version>1.250</stapler.version> | |||
| <stapler.version>1.252</stapler.version> | |||
There was a problem hiding this comment.
Now I wonder why I didn't ask about this when reviewing: was this related to Enforcer Upper Bound Deps? Shouldn't it have been a dedicated PR?
Anyway, it revealed jenkinsci/stapler#128 for us, an internal plugin that does not compile anymore.
|
Ready for final review I think (assuming tests pass). |
|
The changelog entries should also refer Stapler upgrade, JENKINS-43715 and maybe JENKINS-40979 |
| @@ -128,7 +142,7 @@ THE SOFTWARE. | |||
| <dependency><!-- we exclude this transient dependency from htmlunit, which we actually need in the test --> | |||
| <groupId>xalan</groupId> | |||
| <artifactId>xalan</artifactId> | |||
| <version>2.7.1</version> | |||
| <version>2.7.2</version> | |||
There was a problem hiding this comment.
So it's bundled into the core, right? Maybe requires a changelog entry as well
|
Sigh, forgot to release the staging repo for 1.252. Did so now, but need to wait for Central synch and then trigger a new build. |
|
@reviewbybees done |
oleg-nenashev
removed
the
needs-more-reviews
|
Will merge towards the next weekly if there is no negative feedback by Thursday |
oleg-nenashev
changed the title
oleg-nenashev
changed the title
|
Added JENKINS-45903 to the changelog. We need to double-check changes in Stapler @daniel-beck |
|
1.252 does not seem to be complete: https://github.com/stapler/stapler/blob/master/CHANGELOG.md#1252 . |
| <plugin> | ||
| <groupId>org.apache.maven.plugins</groupId> | ||
| <artifactId>maven-enforcer-plugin</artifactId> | ||
| <version>3.0.0-M1</version> <!-- TODO 3.0.0 when released --> |
Follow-up to jenkinsci/plugin-pom#67. Downstream of jenkinsci/stapler#123.
Proposed changelog entries:
HttpResponses.htmland.plainTextin favor of.literalHtmland.textNullPointerExceptionfixNullPointerExceptionfixLargeText.GzipAwareSession@reviewbybees