Bump jersey2-api from 2.35-5 to 2.35-6 in /bom-weekly

[dependabot]

Bumps jersey2-api from 2.35-5 to 2.35-6.

Release notes

Sourced from jersey2-api's releases.

2.35-6

💥 Breaking changes

The following plugins must be upgraded in lockstep:

• Jackson 2 API 2.13.2.20220328-273.v11d70a_b_a_1a_52
• Jersey 2 API 2.35-6
• GitLab 1.5.30

Failure to upgrade all three plugins in lockstep will result in linkage errors.

🚀 New features and improvements

• Add jersey-media-json-jackson (#9) @​dcendents

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[timja]

@dependabot merge

[dependabot]

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

[basil]

@dependabot rebase

[jetersen]

After several reruns this seems to consistently fail.

[dcendents]

Yes I think you need to bump jackson2-api first as in the new version we removed its dependency on jersey2-api

hudson.PluginManager$1$3$2$1#reactOnCycle: found cycle in plugin dependencies: (root=Plugin:jackson2-api, deactivating all involved) Plugin:jackson2-api -> Plugin:jersey2-api -> Plugin:jackson2-api

[jetersen]

@basil @timja
So we have two options to unblock this.
Force it through ignoring the test failures.
Or hope that the plugin maintainers are open to PRs where we temporarily update the jersey API plugin and jackson plugin.

Seems like we are running into #821

[jetersen]

support-core plugin is having issues due to metrics plugin depending on jackson-api 😭

Not sure what the best cause is.
Should we go prepare PRs in these plugins or ignore the test failures in BOM and get a release out to have these plugin pickup the non cyclic dependency?

[basil]

The root cause is really #821. But in the absence of a fix for that, I think the next best option is to update junit and support-core to use explicit (rather than BOM defined) versions of jackson2-api and jersey2-api, release those, pick up the releases here (by which point tests should be passing), release a new version of the plugin BOM, and then update the plugins once again to use BOM defined rather than explicit versions.

[jetersen]

18:13:40  [WARNING] Rule 5: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
18:13:40  Failed while enforcing RequireUpperBoundDeps. The error(s) are [
18:13:40  Require upper bound dependencies error for org.jenkins-ci.plugins:jackson2-api:2.13.2-260.v43d711474c77 paths to dependency are:
18:13:40  +-org.jenkins-ci.plugins:support-core:1153.vb_cfa_37263287
18:13:40    +-org.jenkins-ci.plugins:metrics:4.1.6.2-rc355.3545d643b_60c
18:13:40      +-org.jenkins-ci.plugins:jackson2-api:2.13.2-260.v43d711474c77 (managed) <-- org.jenkins-ci.plugins:jackson2-api:2.13.2.20220328-273.v11d70a_b_a_1a_52
18:13:40  and
18:13:40  +-org.jenkins-ci.plugins:support-core:1153.vb_cfa_37263287
18:13:40    +-io.jenkins.configuration-as-code:test-harness:1414.v878271fc496f [test]
18:13:40      +-org.jenkins-ci.plugins:jackson2-api:2.13.2-260.v43d711474c77 [test] (managed) <-- org.jenkins-ci.plugins:jackson2-api:2.13.1-246.va8a9f3eaf46a [test]

Crying a little inside 😢

[basil]

We could always remove support-core temporarily from the BOM. Nothing really consumes it; it's just here for added PCT test coverage.

[jetersen]

@dependabot cancel merge

[jetersen]

@basil perhaps worth adding feature label to get a release with this PR? 🤔

Once of course support-core-plugin is updated.

if there is no movement on support-core-plugin by Tuesday, we could go ahead and remove it as a temporary workaround.

[basil]

Sure, I added the label. That sounds like a good plan to me!

[basil]

Since the incremental build passed, let's temporarily remove support-core so we can ship this update. I see no reason to make Allan jump through a hoop that he doesn't need to jump through. We can add it back once this is released and we get the other plugins updated to use the new BOM release.

[jetersen]

Metrics is gonna give you the same problem 😅 As it depends on jackson2-api