Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.2.0 Jar seems to include an incoherent version number in its pom #57

Closed
nhumblot opened this issue May 30, 2024 · 4 comments · Fixed by #58
Closed

2.2.0 Jar seems to include an incoherent version number in its pom #57

nhumblot opened this issue May 30, 2024 · 4 comments · Fixed by #58

Comments

@nhumblot
Copy link

Expected Behavior

The <version> and <tag> XML tags have the 2.2.0 value

Actual Behavior

The <version> and <tag> XML tags have the 2.2.0\n value, not matching the actual version https://mvnrepository.com/artifact/com.google.summit/summit-ast/2.2.0

Steps to Reproduce the Problem

  1. Download the jar of the 2.2.0 version on Maven central
  2. unzip summit-ast-2.2.0.jar
  3. cat META-INF/maven/com.google.summit/summit-ast/pom.xml

This got identified during an investigation of an error faced during the execution of OWASP DependencyCheck: jeremylong/DependencyCheck#6688 (comment)

Specifications

  • Version: 2.2.0
  • Platform: Linux
@aaronhurst-google
Copy link
Collaborator

I’ve caught this a few times, but this one escaped.

The https://github.com/vaticle/bazel-distribution that generates pom.xml includes the exact contents of VERSION… including the trailing newline that most text editors will add by default.

I would prefer to move away from this dependency.

@nhumblot
Copy link
Author

nhumblot commented Jun 1, 2024

Hi @aaronhurst-google 👋

Thank you for your answer. Do you have an idea of what you would like to have as a replacement of this dependency? Would a PR, opened by a first time contributor, following these guidelines be considered if open?

@nhumblot
Copy link
Author

nhumblot commented Jun 2, 2024

Root cause in Bazel distribution has been identified: typedb/bazel-distribution#380

@farost
Copy link

farost commented Jun 3, 2024

Thank you for mentioning our issue!

As I understand, your problem comes from the assemble_maven rule, and its behavior has been fixed. You can try updating your dependency to this commit and check if the issue is still relevant.

adangel added a commit to adangel/summit-ast that referenced this issue Jun 6, 2024
@adangel
Bump vaticle_bazel_distribution to 8767cdec452c14274493c576a2955059ff…
2af6c3b 
…17f2e4

Changes: typedb/bazel-distribution@e61daa7...8767cde

Fixes google#57 in the future
@adangel adangel mentioned this issue Jun 6, 2024
Merged
2 tasks
aaronhurst-google pushed a commit that referenced this issue Jun 10, 2024
@adangel
Bump vaticle_bazel_distribution to 8767cdec452c14274493c576a2955059ff…
7369b1f 
…17f2e4 (#58)

Changes: typedb/bazel-distribution@e61daa7...8767cde

Fixes #57 in the future
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump vaticle_bazel_distribution to 8767cde adangel/summit-ast
3 participants
@nhumblot @farost @aaronhurst-google