Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop and ban commons-io dependency from quarkus-core-deployment #30542

Merged
merged 1 commit into from
Jan 30, 2023
Merged

Drop and ban commons-io dependency from quarkus-core-deployment #30542

merged 1 commit into from
Jan 30, 2023

Conversation

jorsol
Copy link
Contributor

@jorsol jorsol commented Jan 23, 2023

Remove the dependency commons-io from quarkus-core-deployment and add a ban in the module.

This also update forbiddenapis to 3.4 and substitute calls to org.apache.commons.io.IOUtils#copy(java.io.InputStream,java.io.OutputStream) and org.apache.commons.compress.utils.IOUtils#copy(java.io.InputStream,java.io.OutputStream) using java.io.InputStream#transferTo(java.io.OutputStream)

@quarkus-bot quarkus-bot bot added area/amazon-lambda area/core area/dependencies Pull requests that update a dependency file area/testing labels Jan 23, 2023
jorsol
jorsol commented Jan 23, 2023
View reviewed changes
test-framework/common/pom.xml
@@ -30,6 +30,10 @@
<groupId>io.smallrye</groupId>
<artifactId>jandex</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Required in this module since it's using org.apache.commons.io.input.TeeInputStream in DefaultDockerContainerLauncher.java

@jorsol
Copy link
Contributor Author

jorsol commented Jan 23, 2023

Hi @gsmet, this is a follow up of #30108 (comment) to drop commons-io from quarkus-core-deployment:

@quarkus-bot quarkus-bot bot added area/hibernate-orm Hibernate ORM area/persistence OBSOLETE, DO NOT USE labels Jan 23, 2023
@quarkus-bot

This comment has been minimized.

Sign in to view
@quarkus-bot

This comment has been minimized.

Sign in to view
@gsmet gsmet self-assigned this Jan 25, 2023
@gsmet
Copy link
Member

gsmet commented Jan 25, 2023

I will have a look at this soon.

@quarkus-bot

This comment has been minimized.

Sign in to view
gsmet
gsmet requested changes Jan 27, 2023
View reviewed changes
Copy link
Member

@gsmet gsmet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very good except for one small question I have.

Let's wait for @yrodiere and @Sanne to chime in.

extensions/hibernate-orm/pom.xml Outdated Show resolved Hide resolved
@quarkus-bot

This comment has been minimized.

Sign in to view
@jorsol
Drop and ban commons-io dependency from quarkus-core-deployment
57b1089 
This also update forbiddenapis to 3.4 and substitute calls to
org.apache.commons.io.IOUtils#copy(java.io.InputStream,java.io.OutputStream) and
org.apache.commons.compress.utils.IOUtils#copy(java.io.InputStream,java.io.OutputStream)
using java.io.InputStream#transferTo(java.io.OutputStream)

Signed-off-by: Jorge Solórzano <jorsol@gmail.com>
@quarkus-bot
Copy link

quarkus-bot bot commented Jan 29, 2023

Failing Jobs - Building 57b1089

Status Name Step Failures Logs Raw logs
JVM Tests - JDK 11 Build ⚠️ Check → Logs Raw logs
✔️ JVM Tests - JDK 17
✔️ JVM Tests - JDK 18

@gsmet gsmet merged commit 023fee1 into quarkusio:main Jan 30, 2023
@quarkus-bot quarkus-bot bot added this to the 2.17 - main milestone Jan 30, 2023
@gsmet
Copy link
Member

gsmet commented Jan 30, 2023

Thanks a lot!

@jorsol jorsol deleted the ban-commons-io branch January 30, 2023 10:50
famod
famod reviewed Jan 30, 2023
View reviewed changes
core/deployment/banned-signatures.txt
@defaultMessage Never use Type#toString() as it's almost always the wrong thing to do. Usually org.jboss.jandex.DotName#toString() is what is needed
org.jboss.jandex.Type#toString()

org.apache.commons.io.** @ Don't use commons-io dependency
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm probably missing something, but why aren't we using maven-enforcer's bannedDependencies?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. I'm creating a PR.

gsmet added a commit to gsmet/quarkus that referenced this pull request Jan 30, 2023
@gsmet
Ban commons-io from quarkus-core-deployment
84c1b5a 
Follow-up of quarkusio#30542
@gsmet gsmet mentioned this pull request Jan 30, 2023
Merged
@ninelore ninelore mentioned this pull request Aug 13, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@famod famod famod left review comments

@gsmet gsmet gsmet approved these changes

@Sanne Sanne Sanne left review comments

Assignees

@gsmet gsmet

Labels
area/amazon-lambda area/core area/dependencies Pull requests that update a dependency file area/hibernate-orm Hibernate ORM area/persistence OBSOLETE, DO NOT USE area/testing
Projects
None yet
Milestone
3.0.0.Alpha4
Development

Successfully merging this pull request may close these issues.
4 participants
@jorsol @gsmet @Sanne @famod