Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(dependency): To enable controlled conflict resolution of direct and transitive dependencies version using kork-bom for upgrading the spring-boot 2.3.x. #4231

Merged
merged 1 commit into from
Mar 10, 2022

Conversation

j-sandy
Copy link
Contributor

@j-sandy j-sandy commented Mar 4, 2022

While upgrading the spring-boot 2.2.x to 2.3.x, encountered issue of uncontrolled conflict resolution of jackson and kotlin dependencies in gate (spinnaker/gate#1505). In order to avoid any such issue with other components for upgrades to spring-boot 2.3.x as well as for any future spring-boot upgrades, we can introduce strict adherence of imported maven kork-bom by replacing platform to enforcedPlatform closure.

…nd transitive dependencies version using kork-bom for upgrading the spring-boot 2.3.x.

While upgrading the spring-boot 2.2.x to 2.3.x, encountered issue of uncontrolled conflict resolution of jackson and kotlin dependencies in gate (spinnaker/gate#1505). In order to avoid any such issue with other components for upgrades to spring-boot 2.3.x as well as for any future spring-boot upgrades, we can introduce strict adherence of imported maven kork-bom by replacing platform to enforcedPlatform closure.
@dbyron-sf dbyron-sf added the ready to merge Approved and ready for merge label Mar 10, 2022
@mergify mergify bot added the auto merged Merged automatically by a bot label Mar 10, 2022
@mergify mergify bot merged commit 19d6ee9 into spinnaker:master Mar 10, 2022
@j-sandy j-sandy deleted the sb-upgrade-2-3-12 branch March 10, 2022 16:47
dbyron-sf added a commit to dbyron-sf/kayenta that referenced this pull request Aug 29, 2022
…nd transitive dependencies version using kork-bom for upgrading the spring-boot 2.3.x.

While upgrading the spring-boot 2.2.x to 2.3.x, encountered issue of uncontrolled conflict
resolution of jackson and kotlin dependencies in gate
(spinnaker/gate#1505). In order to avoid any such issue with other
components for upgrades to spring-boot 2.3.x as well as for any future spring-boot
upgrades, we can introduce strict adherence of imported maven kork-bom by replacing
platform to enforcedPlatform closure.

See also the corresponding orca change: spinnaker/orca#4231

This doesn't fix the current test failure:

./gradlew :kayenta-integration-tests:test --tests GraphiteStandaloneCanaryAnalysisTest

but it still feels correct.  As far as actual dependency changes, they don't seem super
significant, though the guava and groovy changes are solid confirmation for me that this
is the way forward.

Here's a partial list.  There are similar changes for other jackson components.

before:
org.slf4j:slf4j-api -> 1.7.32
org.yaml:snakeyaml:1.26 -> 1.27
io.micrometer:micrometer-core:1.5.14 -> 1.7.5
com.fasterxml.jackson.core:jackson-databind:2.11.4 -> 2.13.2
junit:junit:4.13.1 -> 4.13.2
com.google.guava:guava:22.0 -> 30.1.1-android
org.apache.commons:commons-lang3:3.5 -> 3.11
org.codehaus.groovy:groovy:2.5.14 -> 3.0.6 (c)
org.codehaus.groovy:groovy-xml:2.5.14 -> 3.0.6 (c)
org.codehaus.groovy:groovy-json:2.5.14 -> 3.0.6 (c)

after:

slf4j:slf4j-api -> 1.7.30
org.yaml:snakeyaml:1.26
io.micrometer:micrometer-core:1.5.14
com.fasterxml.jackson.core:jackson-databind:2.11.4 -> 2.12.6.1
junit:junit:4.13.1
com.google.guava:guava:22.0 -> 30.0-jre
org.apache.commons:commons-lang3:3.5 -> 3.9
org.codehaus.groovy:groovy:2.5.14 (c)
org.codehaus.groovy:groovy-xml:2.5.14 (c)
org.codehaus.groovy:groovy-json:2.5.14 (c)
dbyron-sf added a commit to spinnaker/kayenta that referenced this pull request Aug 30, 2022
…nd transitive dependencies version using kork-bom for upgrading the spring-boot 2.3.x. (#908)

While upgrading the spring-boot 2.2.x to 2.3.x, encountered issue of uncontrolled conflict
resolution of jackson and kotlin dependencies in gate
(spinnaker/gate#1505). In order to avoid any such issue with other
components for upgrades to spring-boot 2.3.x as well as for any future spring-boot
upgrades, we can introduce strict adherence of imported maven kork-bom by replacing
platform to enforcedPlatform closure.

See also the corresponding orca change: spinnaker/orca#4231

This doesn't fix the current test failure:

./gradlew :kayenta-integration-tests:test --tests GraphiteStandaloneCanaryAnalysisTest

but it still feels correct.  As far as actual dependency changes, they don't seem super
significant, though the guava and groovy changes are solid confirmation for me that this
is the way forward.

Here's a partial list.  There are similar changes for other jackson components.

before:
org.slf4j:slf4j-api -> 1.7.32
org.yaml:snakeyaml:1.26 -> 1.27
io.micrometer:micrometer-core:1.5.14 -> 1.7.5
com.fasterxml.jackson.core:jackson-databind:2.11.4 -> 2.13.2
junit:junit:4.13.1 -> 4.13.2
com.google.guava:guava:22.0 -> 30.1.1-android
org.apache.commons:commons-lang3:3.5 -> 3.11
org.codehaus.groovy:groovy:2.5.14 -> 3.0.6 (c)
org.codehaus.groovy:groovy-xml:2.5.14 -> 3.0.6 (c)
org.codehaus.groovy:groovy-json:2.5.14 -> 3.0.6 (c)

after:

slf4j:slf4j-api -> 1.7.30
org.yaml:snakeyaml:1.26
io.micrometer:micrometer-core:1.5.14
com.fasterxml.jackson.core:jackson-databind:2.11.4 -> 2.12.6.1
junit:junit:4.13.1
com.google.guava:guava:22.0 -> 30.0-jre
org.apache.commons:commons-lang3:3.5 -> 3.9
org.codehaus.groovy:groovy:2.5.14 (c)
org.codehaus.groovy:groovy-xml:2.5.14 (c)
org.codehaus.groovy:groovy-json:2.5.14 (c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto merged Merged automatically by a bot ready to merge Approved and ready for merge target-release/1.28
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants