Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump guava to 32.1.1-jre #2976

Merged
merged 3 commits into from
Jul 10, 2023
Merged

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Jul 10, 2023

Description

Bump guava to 32.1.1-jre

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Maintenance

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Craig Perkins <[email protected]>
reta
reta previously approved these changes Jul 10, 2023
@cwperks
Copy link
Member Author

cwperks commented Jul 10, 2023

Added modules section to resolve the build issue as recommended in the README: https://github.com/google/guava/releases/tag/v32.1.0#user-content-duplicate-ListenableFuture

The error from the build was:

Cannot select module with conflict on capability 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'

willyborankin
willyborankin previously approved these changes Jul 10, 2023
@codecov
Copy link

codecov bot commented Jul 10, 2023

Codecov Report

Merging #2976 (416305c) into main (06eed60) will decrease coverage by 0.08%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #2976      +/-   ##
============================================
- Coverage     62.40%   62.33%   -0.08%     
+ Complexity     3380     3370      -10     
============================================
  Files           267      267              
  Lines         19772    19772              
  Branches       3356     3356              
============================================
- Hits          12338    12324      -14     
- Misses         5796     5805       +9     
- Partials       1638     1643       +5     

see 7 files with indirect coverage changes

build.gradle Outdated
@@ -482,7 +483,12 @@ dependencies {
implementation "org.apache.httpcomponents:httpclient:${versions.httpclient}"
implementation "org.apache.httpcomponents:httpcore:${versions.httpcore}"
implementation "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
implementation 'com.google.guava:guava:32.0.1-jre'
implementation "com.google.guava:guava:${guava_version}"
modules {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to see if it's possible to remove the 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava' dependency to see if this change is not required

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The full error from the build without this is:

Execution failed for task ':bundlePlugin'.
> Could not resolve all files for configuration ':runtimeClasspath'.
   > Could not resolve com.google.guava:guava:32.1.1-jre.
     Required by:
         project :
      > Module 'com.google.guava:guava' has been rejected:
           Cannot select module with conflict on capability 'com.google.guava:listenablefuture:1.0' also provided by [com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava(runtime)]
   > Could not resolve com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava.
     Required by:
         project :
      > Module 'com.google.guava:listenablefuture' has been rejected:
           Cannot select module with conflict on capability 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava' also provided by [com.google.guava:guava:32.1.1-jre(jreRuntimeElements)]

@@ -543,7 +544,6 @@ dependencies {
runtimeOnly 'org.glassfish.jaxb:jaxb-runtime:4.0.3'
runtimeOnly 'com.google.j2objc:j2objc-annotations:2.8'
runtimeOnly 'com.google.code.findbugs:jsr305:3.0.2'
runtimeOnly 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'
Copy link
Member Author

@cwperks cwperks Jul 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From maven, it looks like this is not needed after Guava 27: https://mvnrepository.com/artifact/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava

... If users want all of Guava, they depend on guava, which, as of Guava 27.0, depends on listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.

@peternied peternied merged commit 9599155 into opensearch-project:main Jul 10, 2023
@DarshitChanpura DarshitChanpura added the backport 2.x backport to 2.x branch label Jul 11, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-2976-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 9599155caad2d3c72a1b999ea4b7cab999e6ef93
# Push it to GitHub
git push --set-upstream origin backport/backport-2976-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-2976-to-2.x.

cwperks added a commit to cwperks/security that referenced this pull request Jul 11, 2023
RyanL1997 pushed a commit that referenced this pull request Jul 12, 2023
peternied added a commit to peternied/security that referenced this pull request Aug 3, 2023
This change combines the many updates from the following commits:
* 5f62e8a dependabot: bump commons-io:commons-io from 2.11.0 to 2.13.0 (opensearch-project#3074)
* 2f69a10 bump com.github.wnameless.json:json-base from 2.4.0 to 2.4.1 (opensearch-project#3062)
* c0e50da dependabot: bump org.cryptacular:cryptacular from 1.2.4 to 1.2.5 (opensearch-project#3071)
* d3488e8 dependabot: bump kafka_version from 3.5.0 to 3.5.1 (opensearch-project#3041)
* ab6778d Update ospackage, checker-qual, zcxvbn and error_prone_annotations, camel-xmlsecurity (opensearch-project#3023)
* 0e6608d Bump JSON libs (opensearch-project#2926)
* df07bea SAML 4.3.0 addition persmission (opensearch-project#2987)
* e5348eb Change maven repo location for compatibility check (opensearch-project#2980)
* 4a1ec53 Bump jaxb to 2.3.8 (opensearch-project#2977)
* 9599155 Bump guava to 32.1.1-jre (opensearch-project#2976)
* 06eed60 dependabot: bump org.glassfish.jaxb:jaxb-runtime from 2.3.4 to 4.0.3 (opensearch-project#2970)
* 1113244 Bump eventbus to 3.3.1 (opensearch-project#2965)
* 99ff7b3 dependabot: bump org.apache.bcel:bcel from 6.6.0 to 6.7.0 (opensearch-project#2969)
* 0794c3f dependabot: bump jakarta.xml.bind:jakarta.xml.bind-api (opensearch-project#2968)
* 9e6aab3 dependabot: bump com.google.j2objc:j2objc-annotations from 1.3 to 2.8 (opensearch-project#2963)
* 8227f64 dependabot: bump com.sun.istack:istack-commons-runtime (opensearch-project#2960)
* 8e044a6 dependabot: bump org.apiguardian:apiguardian-api from 1.0.0 to 1.1.2 (opensearch-project#2964)
* 49cbf52 Remove commons-collections 3.2.2 (opensearch-project#2924)
* 092e8f5 Bump SAML libs (opensearch-project#2927)
* 8ab7cb4 Resolve CVE-2023-2976 by forcing use of Guava 32.0.1 (opensearch-project#2937)
* 4eef662 Clean up and bump Apache libs (opensearch-project#2925)
* 9a72355 Bump BouncyCastle from jdk15on to jdk15to18 (opensearch-project#2901)
* e4f4817 [Enhancement] Parallel test jobs for CI (opensearch-project#2861)
* d871af3 Update snappy to 1.1.10.1 and guava to 32.0.1-jre (opensearch-project#2886)
* c808692 Format everything (opensearch-project#2866)

Signed-off-by: Peter Nied <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants