Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump jackson.version from 2.11.3 to 2.12.0 #199

Merged
merged 1 commit into from
Nov 30, 2020

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 30, 2020

Bumps jackson.version from 2.11.3 to 2.12.0.
Updates jackson-annotations from 2.11.3 to 2.12.0

Commits

Updates jackson-core from 2.11.3 to 2.12.0

Commits
  • ddd8d4e [maven-release-plugin] prepare release jackson-core-2.12.0
  • 9d3c620 Prepare for 2.12.0 release
  • 91f211e Add missing @Override annotations (compiler warning clean up)
  • 9f25b35 Addendum to #653: make related constants public too
  • ac00174 back to them snapshots
  • d77d681 [maven-release-plugin] prepare for next development iteration
  • 33201ac [maven-release-plugin] prepare release jackson-core-2.12.0-rc2
  • 1073c15 Prepare for 2.12.0-rc2 release
  • 67c48f7 Fix #653
  • 9f2ca7f warnings cleanup
  • Additional commits viewable in compare view

Updates jackson-databind from 2.11.3 to 2.12.0

Commits

Updates jackson-dataformat-yaml from 2.11.3 to 2.12.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

Bumps `jackson.version` from 2.11.3 to 2.12.0.

Updates `jackson-annotations` from 2.11.3 to 2.12.0
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `jackson-core` from 2.11.3 to 2.12.0
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](FasterXML/jackson-core@jackson-core-2.11.3...jackson-core-2.12.0)

Updates `jackson-databind` from 2.11.3 to 2.12.0
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `jackson-dataformat-yaml` from 2.11.3 to 2.12.0
- [Release notes](https://github.com/FasterXML/jackson-dataformats-text/releases)
- [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.11.3...jackson-dataformats-text-2.12.0)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 30, 2020
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@slawekjaranowski slawekjaranowski merged commit f107dd3 into master Nov 30, 2020
@slawekjaranowski slawekjaranowski deleted the dependabot/maven/jackson.version-2.12.0 branch November 30, 2020 15:06
pzygielo pushed a commit to pzygielo/pgpverify-maven-plugin that referenced this pull request May 31, 2024
…pact format backed source (s4u#199)

This PR implements several improvement issues:
* introduces "trusted" checksums source (and adapts them for provided transport checksums)
* pushed/moved existing implementation as "trusted" source and introduces "compact" (file) based source
* cleanup re naming: before it was "file" source, now there is "file-sparse" (old) and "file-compact" (new)
* also adds minor "cleanup" in AetherModule (stylistic, renames provider private vars and makes them unmodifiable). This does not affects consumer of this library that use sisu (like Maven).

Reason: existing `ProvidedChecksumSource` is all about _transport_ (see API). Uses transport related classes and is meant -- as it's name and package says -- to provide expected checksums for transport related checks (it provides ChecksumKind#PROVIDED, uses RemoteRepository and transfer related classes). OTOH, there may be requirement to "provide" checksums for operations totally unrelated to transport. Hence, the introduced trusted checksums (using non transport related API) is exactly that, provides checksums for given Artifact (optionally factoring in origin as well in form of  ArtifactRepository). This clearly separates "transport realm" and rest of the things.

Along with existing (moved) source, new trusted checksums implementation added that uses more compact format: a "summary" file that contains list of Artifact IDs and checksum per one line. This format is more VCS friendly, and also easier to handle then sparse directories.

By default, new "trusted" checksum sources _are adapted_ to "provided" checksum sources (see `TrustedToProvidedChecksumsSourceAdapter`), so no functionality loss happens.

Perfomed cleanup around trusted checksum sources as well, old one was in wrong place and wrongly named, dropped it (as it was final class), and now we have two sources:
* `sparse-directory` -- behaves exactly same as dropped one, expects provided checksums in "local repo"-like sparse layout
* `summary-file` -- is the new format, where one file `checksums.${checksumExt}` is expected to contain Artifact ID and checksum for given algorithm per line (separated by space)

Both source are able to be "origin aware" when it factors in origin repository ID as well (so one could get `checksums-central.sha1` with all the known trusted checksums for use).

Sources are DISABLED by default, as even if file is present (check possible only for file-compact) it does not mean user want to use it in every project. Enabling them is possible via usual means (`-D...` or by config in `.mvn` directory to make it per-project persistent). All configuration is sourced from repo system session, no system properties used.

Based on work done in apache/maven-resolver#192

Co-authored-by: @raphw <rafael.wth@gmail.com>

---
https://issues.apache.org/jira/browse/MRESOLVER-275 -- Introduce trusted checksums source
https://issues.apache.org/jira/browse/MRESOLVER-269 -- Allow more compact storage of provided checksums
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Development

Successfully merging this pull request may close these issues.

1 participant