-
Notifications
You must be signed in to change notification settings - Fork 25k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade forbiddenapis Gradle plugin to 3.5.1 #94773
Comments
Pinging @elastic/es-delivery (Team:Delivery) |
Hi, |
@uschindler we do this so that ignoring missing classes is explicit. Essentially, if someone adds a new dependency which references missing classes we want that to be known and either a) add them as exclusions (for example, if those classes are only needed by a feature we don't use) or b) fix our dependencies to bring in the dependency that provides those missing classes. I think parsing the summary at the end is fine. As long as each missing class is logged at least once that satisfies our use case. I'll see about updating our parsing logic to support the new format. |
Hi Mark,
Actually this is also in line with how earlier versions of forbiddenapis behaves (since about version 3.0, not exactly sure) when it parses signatures. If you allow the checker to "ignore signatures where classes are missing" it reports this in the same way. This was added to mitigate complaints by people. Of course because you rely on this feature this is unfortunate (although it is only a side-effect of forbiddenapis that Robert was using back at that time). I wasn't aware of that! One thing that I could offer: I could maybe add DEBUG (verbose) logging also into the CLI tool (with a command line parameter). In that case it would not show the ellipsis. DEBUG logging was added already for Gradle/Maven/Ant plugins, but not yet for CLI. In addition with a An alternative would be to create your own ASM parser scanning class files (actually thats not too much work, you just need to add a listener that triggers at right places for class names). Or even better scan through the constant pool of classes with another library (there are some) to collect all references from it. As a workaround you could update forbiddenapis to 3.5 now only for the "normal forbiddenapis" task, but use the 3.4 version for the forbiddenApisCLI dependency. |
If you want me to add DEBUG logging to the CLI tool, just open an issue on forbiddenapis referring to my above description. I can quickly release a bugfix version 3.5.1, so you won't have to wait till Java 21. |
That is accurate 😉
That's certainly possible, but this class parsing is expensive, especially with large classpaths, so since forbidden APIs already has to do this for it's purposes are simply taking advantage of this.
Thanks, @uschindler! I've opened policeman-tools/forbidden-apis#226. |
Hi, |
fixed by #96032 |
Description
The new version was released a minute ago: https://github.com/policeman-tools/forbidden-apis/wiki/Changes#version-35-released-2023-03-27
Summary of relevant changes for Elasticsearch:
I have no time to submit PR (and don't want to due to legal reasons => no open source license). So this is for informative purposes only.
The text was updated successfully, but these errors were encountered: