Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Organize dependency versions and update vulnerable jackson-databind version for fusion-endpoint #11659

Merged
merged 4 commits into from
Sep 3, 2021

Conversation

fluorumlabs
Copy link
Contributor

Description

This fix rearranges version properties in pom.xml files: common versions are moved from flow-server and fusion-endpoint up to the root pom.xml; unused properties are cleared

Type of change

  • Bugfix
  • Feature

Checklist

  • I have read the contribution guide: https://vaadin.com/docs/latest/guide/contributing/overview/
  • I have added a description following the guideline.
  • The issue is created in the corresponding repository and I have referenced it.
  • I have added tests to ensure my change is effective and works as intended.
  • New and existing tests are passing locally with my change.
  • I have performed self-review and corrected misspellings.

Additional for Feature type of change

  • Enhancement / new feature was discussed in a corresponding GitHub issue and Acceptance Criteria were created.

@mshabarov mshabarov self-requested a review August 30, 2021 11:17
mshabarov
mshabarov previously approved these changes Aug 31, 2021
Copy link
Contributor

@mshabarov mshabarov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The proposed change looks good to me.
However some fusion tests are failing because of breaking changes in jackson library.
The timezone format changes, example:

Expected :"2019-01-02T00:00:00.000+0000"
Actual   :"2019-01-02T00:00:00.000+00:00"

So if it satisfies Fusion, then we can just change the expectations in tests, @haijian-vaadin .

@fluorumlabs
Copy link
Contributor Author

This is the root cause for time serialization change: FasterXML/jackson-databind#2643
And this is the (temporary) workaround: FasterXML/jackson-databind#2643 (comment)

Practically it should be verified if JavaScript deserializer is ok with extended ISO-8601 format - we can just update failing tests

Jackson 2.12 also brings case-insensitive Boolean deserialization: FasterXML/jackson-databind#1852, which is harmless but breaks tests (note that this PR is for 2.11)

@fluorumlabs
Copy link
Contributor Author

Quick test shown that JS is parsing colon-separated TZ correctly.

@haijian-vaadin haijian-vaadin merged commit 6dc16c5 into master Sep 3, 2021
@haijian-vaadin haijian-vaadin deleted the dep-versions branch September 3, 2021 09:07
fluorumlabs added a commit that referenced this pull request Sep 3, 2021
…abind version for fusion-endpoint (#11659)

* Organize dependency versions

* Retrigger validation

* Update tests to reflect changes in FasterXML/jackson-databind#2643
fluorumlabs added a commit that referenced this pull request Sep 6, 2021
* Bump swagger-codegen to 3.0.27

* Fix formatting

* Fix formatting

* chore(deps): bump jetty.version (#11722)

Bumps `jetty.version` from 9.4.27.v20200227 to 9.4.43.v20210629.

Updates `jetty-maven-plugin` from 9.4.27.v20200227 to 9.4.43.v20210629
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](jetty/jetty.project@jetty-9.4.27.v20200227...jetty-9.4.43.v20210629)

Updates `jetty-webapp` from 9.4.27.v20200227 to 9.4.43.v20210629
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](jetty/jetty.project@jetty-9.4.27.v20200227...jetty-9.4.43.v20210629)

Updates `jetty-continuation` from 9.4.27.v20200227 to 9.4.43.v20210629

Updates `jetty-annotations` from 9.4.27.v20200227 to 9.4.43.v20210629
- [Release notes](https://github.com/eclipse/jetty.project/releases)
- [Commits](jetty/jetty.project@jetty-9.4.27.v20200227...jetty-9.4.43.v20210629)

Updates `websocket-server` from 9.4.27.v20200227 to 9.4.43.v20210629

---
updated-dependencies:
- dependency-name: org.eclipse.jetty:jetty-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-webapp
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-continuation
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty:jetty-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.eclipse.jetty.websocket:websocket-server
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump maven-clean-plugin from 3.0.0 to 3.1.0 (#11728)

Bumps [maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/apache/maven-clean-plugin/releases)
- [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.0.0...maven-clean-plugin-3.1.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-clean-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump equalsverifier from 3.0 to 3.7.1 (#11723)

Bumps [equalsverifier](https://github.com/jqno/equalsverifier) from 3.0 to 3.7.1.
- [Release notes](https://github.com/jqno/equalsverifier/releases)
- [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md)
- [Commits](jqno/equalsverifier@equalsverifier-3.0...equalsverifier-3.7.1)

---
updated-dependencies:
- dependency-name: nl.jqno.equalsverifier:equalsverifier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump maven-enforcer-plugin from 1.4.1 to 3.0.0 (#11724)

Bumps [maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 1.4.1 to 3.0.0.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-1.4.1...enforcer-3.0.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump exec-maven-plugin from 1.6.0 to 3.0.0 (#11727)

Bumps [exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) from 1.6.0 to 3.0.0.
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](mojohaus/exec-maven-plugin@exec-maven-plugin-1.6.0...exec-maven-plugin-3.0.0)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump maven-dependency-plugin from 2.8 to 3.2.0 (#11738)

Bumps [maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 2.8 to 3.2.0.
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-2.8...maven-dependency-plugin-3.2.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump validation-api from 2.0.0.Final to 2.0.1.Final (#11735)

Bumps [validation-api](https://github.com/beanvalidation/beanvalidation-api) from 2.0.0.Final to 2.0.1.Final.
- [Release notes](https://github.com/beanvalidation/beanvalidation-api/releases)
- [Commits](jakartaee/validation@2.0.0.Final...2.0.1.Final)

---
updated-dependencies:
- dependency-name: javax.validation:validation-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump hsqldb from 2.2.6 to 2.6.0 (#11737)

Bumps hsqldb from 2.2.6 to 2.6.0.

---
updated-dependencies:
- dependency-name: org.hsqldb:hsqldb
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump mockito-core from 3.10.0 to 3.12.4 (#11733)

Bumps [mockito-core](https://github.com/mockito/mockito) from 3.10.0 to 3.12.4.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v3.10.0...v3.12.4)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: organize dependency versions and update vulnerable jackson-databind version for fusion-endpoint (#11659)

* Organize dependency versions

* Retrigger validation

* Update tests to reflect changes in FasterXML/jackson-databind#2643

* chore(deps): Override frontend-plugin-core dependencies (#11732)

This overrides outdated and vulnerable jackson-databind and httpclient with a more recent yet compatible versions.

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants