Exclude jaxb-api from jcabi-matchers #481
Conversation
Bumps [copyartifact](https://github.com/jenkinsci/copyartifact-plugin) from 1.46.1 to 1.46.2. - [Release notes](https://github.com/jenkinsci/copyartifact-plugin/releases) - [Changelog](https://github.com/jenkinsci/copyartifact-plugin/blob/master/CHANGELOG.adoc) - [Commits](jenkinsci/copyartifact-plugin@copyartifact-1.46.1...copyartifact-1.46.2) --- updated-dependencies: - dependency-name: org.jenkins-ci.plugins:copyartifact dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…pyartifact-1.46.2
Bumps [git-changelist-maven-extension](https://github.com/jenkinsci/incrementals-tools) from 1.2 to 1.3. - [Release notes](https://github.com/jenkinsci/incrementals-tools/releases) - [Commits](jenkinsci/incrementals-tools@parent-1.2...parent-1.3) --- updated-dependencies: - dependency-name: io.jenkins.tools.incrementals:git-changelist-maven-extension dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [plugin](https://github.com/jenkinsci/plugin-pom) from 4.31 to 4.33. - [Release notes](https://github.com/jenkinsci/plugin-pom/releases) - [Changelog](https://github.com/jenkinsci/plugin-pom/blob/master/CHANGELOG.md) - [Commits](jenkinsci/plugin-pom@plugin-4.31...plugin-4.33) --- updated-dependencies: - dependency-name: org.jenkins-ci.plugins:plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…yartifact-1.46.2' into octopus
Provided by xstream in Jenkins core with a newer version than is required for jcabi-matchers
pom.xml
Outdated
| @@ -104,6 +104,11 @@ | |||
| <groupId>org.hamcrest</groupId> | |||
| <artifactId>hamcrest-core</artifactId> | |||
| </exclusion> | |||
| <exclusion> | |||
| <!-- provided by xstream in Jenkins core --> | |||
There was a problem hiding this comment.
really - this was moved to a detached plugin if this is used in core then something would seem to be incorreect (as the jax-b plugin does not mask classes, or use plugin-first)?
There was a problem hiding this comment.
I may be misinterpreting the message or not taking the correct action for the message. Without that change, the maven job fails with:
[INFO] Ignoring requireUpperBoundDeps in javax.servlet:servlet-api
[WARNING] Rule 5: org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
Failed while enforcing RequireUpperBoundDeps. The error(s) are [
Require upper bound dependencies error for javax.xml.bind:jaxb-api:2.2.12 [provided] paths to dependency are:
+-org.jenkinsci.plugins:pipeline-model-definition:1.9.4-SNAPSHOT
+-com.jcabi:jcabi-matchers:1.5.3 [test]
+-javax.xml.bind:jaxb-api:2.2.12 [provided]
and
+-org.jenkinsci.plugins:pipeline-model-definition:1.9.4-SNAPSHOT
+-org.jenkins-ci.main:jenkins-core:2.321 [provided]
+-com.thoughtworks.xstream:xstream:1.4.18 [provided] (managed) <-- com.thoughtworks.xstream:xstream:1.4.18 [provided]
+-javax.xml.bind:jaxb-api:2.3.1 [provided]
]
I thought that meant that jaxb-api is included in xstream 1.4.18 and that is provided inside jenkins-core. What have I misunderstood here?
There was a problem hiding this comment.
dependency:tree / enforcer are playing games with you...
https://github.com/x-stream/xstream/blob/XSTREAM_1_4_18/xstream/pom.xml#L113-L117 has a dependency on it but scope provided - which is iffy and as it is provided would not be bundled in jenkins core. it is looking like in the enforcer output the jaxb dependency is pulled in by core (which is provided) but as it is provided it is not (but everything under core would be provided if it was compile or provided!)
I think the action you did is correct at this point in time (but not the comment), as we only need it for tests - but this is likely to blow up in the PCT at some point in the future in the BOM should it be tested against a core where xstream no longer pulls that in (it is gone in the next release of xstream).
/cc @batmat who did the jaxb split (I think the dependency should be excluded in the core based on the comment in the pom - it has gone in newer versions) and @basil who is spending some time looking at the jakarta.ee work as this may become a larger issue.
|
Closing this PR as #503 added this exclusions |
Exclude jaxb-api from jcabi-matchers
Allows several dependabot proposed changes to be merged.
This pull request includes the commits from: