Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jackson 2.10.0 #1088

Merged
merged 5 commits into from
Oct 18, 2019
Merged

Jackson 2.10.0 #1088

merged 5 commits into from
Oct 18, 2019

Conversation

barchetta
Copy link
Member

Upgrade Jackson to 2.10.0. This should reduce the stream of CVE patches. For more details see

https://medium.com/@cowtowncoder/jackson-2-10-features-cd880674d8a2

@barchetta barchetta requested a review from ljnelson October 8, 2019 21:21
@barchetta barchetta self-assigned this Oct 8, 2019
ljnelson
ljnelson previously approved these changes Oct 8, 2019
View reviewed changes
@barchetta
Copy link
Member Author

barchetta commented Oct 8, 2019
edited
Loading

Hmmm...I've seen what looks to be a webserver crash both in the pipeline and now on my local machine with this change. Investigating...

@barchetta
Copy link
Member Author

I've reproduced a failure locally:

java.lang.NoClassDefFoundError: com/fasterxml/jackson/core/TSFBuilder
        at io.smallrye.openapi.runtime.io.OpenApiSerializer.serialize(OpenApiSerializer.java:106)
        at io.helidon.openapi.OpenAPISupport.formatDocument(OpenAPISupport.java:224)

Looks like this class might not exist in 2.10.

@barchetta barchetta changed the title Jackson 2.10.0 WIP: Jackson 2.10.0 Oct 12, 2019
@ljnelson
Copy link
Member

Hmm, no, TSFBuilder exists only in 2.10 and later (see http://fasterxml.github.io/jackson-core/javadoc/2.10/com/fasterxml/jackson/core/TSFBuilder.html).

@barchetta
Copy link
Member Author

barchetta commented Oct 17, 2019
edited
Loading

OK, the problem was microprofile/tests/tck/tck-opentracing depends on Jackson 2.9.0 and implements this dependency in source using shrinkwrap. Due to a bug in shrinkwrap having to do with proxies, we added some explicit dependencies in the pom to trigger downloads so we don't hit the proxy bug.

Because of the above we ended up with a combination of Jackson 2.10.0 and 2.9.0 on the classpath leading to issues. The work-around is to force the use of Jackson 2.9.0 for this test.

With this change the pipeline is passing.

@barchetta barchetta changed the title WIP: Jackson 2.10.0 Jackson 2.10.0 Oct 18, 2019
@barchetta barchetta added this to the 1.4 milestone Oct 18, 2019
@barchetta barchetta merged commit b822e77 into helidon-io:master Oct 18, 2019
@barchetta barchetta deleted the jackson-2.10.0 branch October 28, 2019 15:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@romain-grecourt romain-grecourt romain-grecourt approved these changes

@ljnelson ljnelson ljnelson left review comments

Assignees

@barchetta barchetta

Labels
None yet
Projects
None yet
Milestone
1.4
Development

Successfully merging this pull request may close these issues.
3 participants
@barchetta @ljnelson @romain-grecourt