[MAGNOLIA-7521] Lib update: jackrabbit 2.16.1 -> 2.18.1 Created: 25/Apr/19  Updated: 06/May/19  Resolved: 30/Apr/19

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 5.7.3, 6.1

Type: Task Priority: Neutral
Reporter: Adam Siska Assignee: Adam Siska
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 0d
Time Spent: 1d 3h
Original Estimate: Not Specified

Issue Links:
Cloners
is cloned by MAGNOLIA-7536 Lib update: jackrabbit 2.12.4 -> 2.18... Closed
dependency
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Release notes required:
Yes
Date of First Response:
Sprint: Foundation 9
Story Points: 3

 Description   

https://www.apache.org/dist/jackrabbit/2.18.1/RELEASE-NOTES.txt



 Comments   
Comment by Federico Grilli [ 01/May/19 ]

QA asiska, CC: akhamis only for 5.7.3: there's a duplicate annotations dependency (same name but different artifacts actually) due to the JR update. Apparently both deps are legit, at least according to mvn dependency:analyze, even though I suspect com.google.code.findbugs:annotations is a false positive (removing it doesn't cause any compilation error. OTOH, analyser works at bytecode level and may see things us mortals can't see).

At any rate, both libraries seem to be used for some @NonNull or @NotNull annotation and JR introduced the new dependency here https://jira.apache.org/jira/browse/JCR-4301

mvn clean  dependency:tree -Dincludes=*:annotations
...
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ magnolia-community-webapp ---
[INFO] info.magnolia.bundle:magnolia-community-webapp:war:5.7.3-SNAPSHOT
[INFO] \- info.magnolia:magnolia-empty-webapp:pom:5.7.3-SNAPSHOT:compile
[INFO]    +- info.magnolia.ui:magnolia-ui-admincentral:jar:5.7.3-SNAPSHOT:compile
[INFO]    |  \- com.google.code.findbugs:annotations:jar:2.0.1:compile
[INFO]    \- info.magnolia:magnolia-core:jar:5.7.3-SNAPSHOT:compile
[INFO]       \- org.apache.jackrabbit:jackrabbit-api:jar:2.18.1:compile
[INFO]          \- org.jetbrains:annotations:jar:16.0.3:compile

Comment by Adam Siska [ 02/May/19 ]

Hi Rico, I am aware of this "duplicates", there are check exceptions added in ce and ee (5.7). And right after mergin that I added these commits to 5.7 release ce-packs and ee-packs, too:

https://git.magnolia-cms.com/projects/PLATFORM/repos/ce-packs/commits/a57a441bb93265752d8865e344fd1c431e34eae9
https://git.magnolia-cms.com/projects/PLATFORM/repos/ee-packs/commits/5db610879129c2263a8b3e5584046147081a4f7a

For what you suggesting about removing findbugs.annotations I have no strong opinion...

Comment by Federico Grilli [ 02/May/19 ]

Thanks Adam. My comment was more for documentation purposes, so that we know we have these two artifacts with the same name and that they need to stay there. I wouldn't remove findbugs.annotations now, maybe worth creating a follow-up ticket to check whether mvn dependency:analyze actually returns a false positive when removing it. 

Generated at Mon Feb 12 04:24:30 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.