[MAGNOLIA-7521] Lib update: jackrabbit 2.16.1 -> 2.18.1 Created: 25/Apr/19 Updated: 06/May/19 Resolved: 30/Apr/19 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.7.3, 6.1 |
| Type: | Task | Priority: | Neutral |
| Reporter: | Adam Siska | Assignee: | Adam Siska |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | 0d | ||
| Time Spent: | 1d 3h | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Template: |
|
||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||
| Task DoR: |
Empty
|
||||||||||||
| Release notes required: |
Yes
|
||||||||||||
| Date of First Response: | |||||||||||||
| Sprint: | Foundation 9 | ||||||||||||
| Story Points: | 3 | ||||||||||||
| Description |
|
https://www.apache.org/dist/jackrabbit/2.18.1/RELEASE-NOTES.txt |
| Comments |
| Comment by Federico Grilli [ 01/May/19 ] |
|
QA asiska, CC: akhamis only for 5.7.3: there's a duplicate annotations dependency (same name but different artifacts actually) due to the JR update. Apparently both deps are legit, at least according to mvn dependency:analyze, even though I suspect com.google.code.findbugs:annotations is a false positive (removing it doesn't cause any compilation error. OTOH, analyser works at bytecode level and may see things us mortals can't see). At any rate, both libraries seem to be used for some @NonNull or @NotNull annotation and JR introduced the new dependency here https://jira.apache.org/jira/browse/JCR-4301
mvn clean dependency:tree -Dincludes=*:annotations
...
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ magnolia-community-webapp ---
[INFO] info.magnolia.bundle:magnolia-community-webapp:war:5.7.3-SNAPSHOT
[INFO] \- info.magnolia:magnolia-empty-webapp:pom:5.7.3-SNAPSHOT:compile
[INFO] +- info.magnolia.ui:magnolia-ui-admincentral:jar:5.7.3-SNAPSHOT:compile
[INFO] | \- com.google.code.findbugs:annotations:jar:2.0.1:compile
[INFO] \- info.magnolia:magnolia-core:jar:5.7.3-SNAPSHOT:compile
[INFO] \- org.apache.jackrabbit:jackrabbit-api:jar:2.18.1:compile
[INFO] \- org.jetbrains:annotations:jar:16.0.3:compile
|
| Comment by Adam Siska [ 02/May/19 ] |
|
Hi Rico, I am aware of this "duplicates", there are check exceptions added in ce and ee (5.7). And right after mergin that I added these commits to 5.7 release ce-packs and ee-packs, too: https://git.magnolia-cms.com/projects/PLATFORM/repos/ce-packs/commits/a57a441bb93265752d8865e344fd1c431e34eae9 For what you suggesting about removing findbugs.annotations I have no strong opinion... |
| Comment by Federico Grilli [ 02/May/19 ] |
|
Thanks Adam. My comment was more for documentation purposes, so that we know we have these two artifacts with the same name and that they need to stay there. I wouldn't remove findbugs.annotations now, maybe worth creating a follow-up ticket to check whether mvn dependency:analyze actually returns a false positive when removing it. |