[BUILD-1015] Fork apache commons-beanutils internally in order to release it ourselves Created: 01/Feb/23 Updated: 09/Mar/23 Resolved: 16/Feb/23 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | BOM 6.2.30 |
| Type: | Task | Priority: | Neutral |
| Reporter: | Daniel Alonso | Assignee: | Daniel Alonso |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | Not Specified | Time Spent: | Not Specified |
| Σ Original Estimate: | Not Specified | Original Estimate: | Not Specified |
| Attachments: |
|
|||||||||||||||
| Issue Links: |
|
|||||||||||||||
| Sub-Tasks: |
|
|||||||||||||||
| Template: |
|
|||||||||||||||
| Acceptance criteria: |
Empty
|
|||||||||||||||
| Task DoR: |
Empty
|
|||||||||||||||
| Epic Link: | get rid of commons-beanutils1 | |||||||||||||||
| Sprint: | Nucleus 30 | |||||||||||||||
| Story Points: | 3 | |||||||||||||||
| Team: | ||||||||||||||||
| Work Started: | ||||||||||||||||
| Description |
Context
Derived from https://jira.magnolia-cms.com/browse/BUILD-970 we contacted with the current apache commons-beanutils owner, in order to ask him about his current roadmap and some expectations about a potential 2.0 version (commons-collection 3.2 free) https://markmail.org/message/jri4cplfgscc55aa#query:+page:1+mid:a2yv4nxm3lahorgl+state:results
Unfortunately, there is no planned 2.0.0 version in short term. At the end of this slack conversation https://magnolia-cms.slack.com/archives/CDF2T239Q/p1674112499760959 A fork-and-release-on-our-own is suggested Expected result
Side notesAfter speaking with some pals from foundation team:
<version>2.0.0-magnolia-SNAPSHOT</version>
<name>${project.groupId}:${project.artifactId}</name>
<distributionManagement> <repository> <id>thirdparty</id> <url> https://nexus.magnolia-cms.com/content/repositories/thirdparty </url> </repository> <snapshotRepository> <id>thirdparty.snapshots</id> <url> https://nexus.magnolia-cms.com/content/repositories/thirdparty.snapshots </url> <uniqueVersion>true</uniqueVersion> </snapshotRepository> </distributionManagement> <scm> <connection>scm:git:ssh://git.magnolia-cms.com/internal/commons-beanutils.git</connection> <developerConnection>scm:git:ssh://git.magnolia-cms.com/internal/commons-beanutils.git</developerConnection> <url>https://git.magnolia-cms.com/projects/INTERNAL/repos/commons-beanutils</url> <tag>commons-beanutils-2.0.0-magnolia</tag> </scm> also, with an explanatory description about why we are doing this fork:
<description>Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Magnolia's fork of beanutils2 master (see https://github.com/apache/commons-beanutils): Magnolia will release this and keep it until official Apache Commons BeanUtils 2.0 is released.
The main reason for doing this is that version 2.0 finally gets rid of vulnerable commons-collections dependencies but still no ETA for release, although it seems to be close.
</description>
magnoliaDefaultPipeline()
|