Fix AWS JSON protocol errors by harmonising relevant AWS libs #52
Conversation
rtyley
force-pushed
the
reproduce-json-protocol-issue
branch
from
997f831 to
2400522
Compare
rtyley
force-pushed
the
upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts
branch
from
5bde237 to
197ffc2
Compare
| "org.json" % "json" % "20231013", | ||
| "org.xerial.snappy" % "snappy-java" % "1.1.10.4", | ||
| "org.apache.commons" % "commons-compress" % "1.26.0", | ||
| "com.amazon.ion" % "ion-java" % "1.10.5",//overriding until a version of amazon-kinesis-client is available that removes the ion-java vulnerability |
There was a problem hiding this comment.
ion-java had a dependency override added with #42 in March 2024. ion-java was a dependency of AWS SDK v1 (com.amazonaws:aws-java-sdk-core:1.12.151). However, release 3.0.0 of the Amazon Kinesis Client Library for Java removed the last transitory dependency of the KCL on AWS SDK v1, and so content-api-firehose-client no longer depends upon it.
|
|
||
| val jacksonVersion = "2.17.2" | ||
| dependencyOverrides ++= Seq( | ||
| "com.charleskorn.kaml" % "kaml" % "0.53.0", | ||
| "com.fasterxml.jackson.core" % "jackson-databind" % jacksonVersion, | ||
| "com.fasterxml.jackson.core" % "jackson-annotations" % jacksonVersion, | ||
| "com.fasterxml.jackson.core" % "jackson-core" % jacksonVersion, | ||
| "software.amazon.awssdk" % "netty-nio-client" % "2.26.25", |
There was a problem hiding this comment.
rtyley
force-pushed
the
reproduce-json-protocol-issue
branch
11 times, most recently
from
585392d to
d595ef9
Compare
rtyley
force-pushed
the
upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts
branch
from
197ffc2 to
d32f084
Compare
rtyley
force-pushed
the
upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts
branch
from
d32f084 to
5169c82
Compare
|
@rtyley has published a preview version of this PR with release workflow run #27, based on commit 5169c82: 1.0.26-PREVIEW.upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts.2024-12-11T1530.5169c828 Want to make another preview release?Click 'Run workflow' in the GitHub UI, specifying the upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts branch, or use the GitHub CLI command: gh workflow run release.yml --ref upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts Want to make a full release after this PR is merged?Click 'Run workflow' in the GitHub UI, leaving the branch as the default, or use the GitHub CLI command: gh workflow run release.yml |
rtyley
force-pushed
the
upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts
branch
from
5169c82 to
b870d36
Compare
|
@rtyley has published a preview version of this PR with release workflow run #28, based on commit b870d36: 1.0.26-PREVIEW.upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts.2025-01-08T1159.b870d366 Want to make another preview release?Click 'Run workflow' in the GitHub UI, specifying the upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts branch, or use the GitHub CLI command: gh workflow run release.yml --ref upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts Want to make a full release after this PR is merged?Click 'Run workflow' in the GitHub UI, leaving the branch as the default, or use the GitHub CLI command: gh workflow run release.yml |
Additional changes: * `ion-java` had a dependency override added with #42 in March 2024. `ion-java` was a dependency of AWS SDK v1 (`com.amazonaws:aws-java-sdk-core:1.12.151`). However, release 3.0.0 of the Amazon Kinesis Client Library for Java (https://github.com/awslabs/amazon-kinesis-client/releases/tag/v3.0.0) removed the last transitory dependency of the KCL on AWS SDK v1, and `content-api-firehose-client` no longer depends upon it. * "software.amazon.awssdk" % "netty-nio-client" had a dependency override, first with #26 and then to version 2.26.25 with #49 in October 2024. However, here we're updating all relevant `software.amazon.awssdk` libraries to 2.29.23, meaning that the manual upgrade to 2.26.25 is no longer necessary.
rtyley
force-pushed
the
upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts
branch
from
b870d36 to
e0188d3
Compare
| "com.gu" %% "content-api-models-scala" % "25.0.0", | ||
| "com.gu" %% "content-api-models-scala" % "26.0.0", |
There was a problem hiding this comment.
I found in apple-news that this would need to be upgraded to fit in with the upgrade of the FAPI client.
[info] Resolved apple-news_2.13 dependencies
[info] Fetching artifacts of apple-news_2.13
[info] Fetched artifacts of apple-news_2.13
[error] stack trace is suppressed; run last update for the full output
[error] (update) found version conflict(s) in library dependencies; some are suspected to be binary incompatible:
[error]
[error] * com.gu:content-api-models-scala_2.13:26.0.0 (early-semver) is selected over 25.0.0
[error] +- com.gu:content-api-client_2.13:33.0.0 (depends on 26.0.0)
[error] +- com.gu:content-api-client-default_2.13:33.0.0 (depends on 26.0.0)
[error] +- com.gu:content-api-firehose-client_2.13:1.0.26-PREVIEW.upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts.2025-01-08T1159.b870d366 (depends on 25.0.0)
|
@rtyley has published a preview version of this PR with release workflow run #29, based on commit e0188d3: 1.0.26-PREVIEW.upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts.2025-01-08T1221.e0188d31 Want to make another preview release?Click 'Run workflow' in the GitHub UI, specifying the upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts branch, or use the GitHub CLI command: gh workflow run release.yml --ref upgrade-aws-sdk-version-to-avoid-json-protocol-conflicts Want to make a full release after this PR is merged?Click 'Run workflow' in the GitHub UI, leaving the branch as the default, or use the GitHub CLI command: gh workflow run release.yml |
| "software.amazon.kinesis" % "amazon-kinesis-client" % "2.6.0", | ||
| "software.amazon.kinesis" % "amazon-kinesis-client" % "3.0.1", |
There was a problem hiding this comment.
I did not read this document about upgrading from KCL v2 to v3:
https://docs.aws.amazon.com/streams/latest/dev/kcl-migration-from-2-3.html
...this is unfortunate as it probably means that the release that included this PR (v1.0.26) is probably missing at least one crucial setting, and so should be avoided.
At the very least, the increased IAM permissions required by KCL v3 means that https://github.com/guardian/apple-news/pull/398 failed:
This follows on from: