Drop and ban commons-io dependency from quarkus-core-deployment #30542

Merged
merged 1 commit into from
Jan 30, 2023

@jorsol jorsol commented Jan 23, 2023

Remove the dependency commons-io from quarkus-core-deployment and add a ban in the module.

This also updates forbiddenapis to 3.4 and substitutes calls to org.apache.commons.io.IOUtils#copy(java.io.InputStream,java.io.OutputStream) and org.apache.commons.compress.utils.IOUtils#copy(java.io.InputStream,java.io.OutputStream) using java.io.InputStream#transferTo(java.io.OutputStream)

@quarkus-bot quarkus-bot bot added area/amazon-lambda area/core area/dependencies Pull requests that update a dependency file area/testing labels Jan 23, 2023
@@ -30,6 +30,10 @@
<groupId>io.smallrye</groupId>
<artifactId>jandex</artifactId>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
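
Review bot: The commons-io `<dependency>` added after jandex carries no explanation of why this module keeps a library that the same PR bans in quarkus-core-deployment. Add an XML comment above it naming the class that needs it (per the author's inline comment, org.apache.commons.io.input.TeeInputStream in DefaultDockerContainerLauncher.java), so the declaration is not removed blindly in a later cleanup and can be dropped as soon as that usage is replaced.
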
Contributor Author

Required in this module since it's using org.apache.commons.io.input.TeeInputStream in DefaultDockerContainerLauncher.java

jorsol commented Jan 23, 2023

Hi @gsmet, this is a follow-up of #30108 (comment) to drop commons-io from quarkus-core-deployment:

@quarkus-bot quarkus-bot bot added area/hibernate-orm Hibernate ORM area/persistence OBSOLETE, DO NOT USE labels Jan 23, 2023
@gsmet gsmet self-assigned this Jan 25, 2023
gsmet commented Jan 25, 2023

I will have a look at this soon.

@gsmet gsmet left a comment

Looks very good except for one small question I have.

Let's wait for @yrodiere and @Sanne to chime in.

extensions/hibernate-orm/pom.xml (outdated, resolved)

This also updates forbiddenapis to 3.4 and substitutes calls to
org.apache.commons.io.IOUtils#copy(java.io.InputStream,java.io.OutputStream) and
org.apache.commons.compress.utils.IOUtils#copy(java.io.InputStream,java.io.OutputStream)
using java.io.InputStream#transferTo(java.io.OutputStream)

Signed-off-by: Jorge Solórzano <[email protected]>

quarkus-bot bot commented Jan 29, 2023

Failing Jobs - Building 57b1089

| Status | Name | Step | Failures | Logs | Raw logs |
|---|---|---|---|---|---|
| | JVM Tests - JDK 11 | Build | ⚠️ Check → | Logs | Raw logs |
| ✔️ | JVM Tests - JDK 17 | | | | |
| ✔️ | JVM Tests - JDK 18 | | | | |

@gsmet gsmet merged commit 023fee1 into quarkusio:main Jan 30, 2023
@quarkus-bot quarkus-bot bot added this to the 2.17 - main milestone Jan 30, 2023
gsmet commented Jan 30, 2023

Thanks a lot!

@jorsol jorsol deleted the ban-commons-io branch January 30, 2023 10:50
@defaultMessage Never use Type#toString() as it's almost always the wrong thing to do. Usually org.jboss.jandex.DotName#toString() is what is needed
org.jboss.jandex.Type#toString()

org.apache.commons.io.** @ Don't use commons-io dependency
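
Review bot: The message on the `org.apache.commons.io.**` signature, "Don't use commons-io dependency", tells a developer that the call is banned but not what to write instead. Name the replacement in the message, for example the JDK's java.io.InputStream#transferTo(java.io.OutputStream) that the PR description cites for IOUtils#copy, so that a failed forbiddenapis check is actionable without digging up this PR.
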
Member

I'm probably missing something, but why aren't we using maven-enforcer's bannedDependencies?

Member

Indeed. I'm creating a PR.
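
The dependency-level ban raised in the two comments above, as an added example (not the Quarkus project's configuration and not the follow-up PR mentioned): a maven-enforcer-plugin `bannedDependencies` rule that fails the build when commons-io:commons-io appears in the module's dependency graph, directly or transitively. The execution id and message text are hypothetical, and the plugin version is assumed to be managed by a parent POM.

```xml
<!-- Added example: goes in the <build><plugins> section of the module's pom.xml. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <!-- version assumed to come from the parent's pluginManagement -->
  <executions>
    <execution>
      <!-- hypothetical execution id -->
      <id>ban-commons-io</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <excludes>
              <!-- groupId:artifactId; any version and any scope is rejected -->
              <exclude>commons-io:commons-io</exclude>
            </excludes>
            <!-- also catch the artifact when another dependency drags it in -->
            <searchTransitive>true</searchTransitive>
            <!-- hypothetical message shown when the rule fails -->
            <message>commons-io is banned in this module; use JDK I/O such as InputStream#transferTo</message>
          </bannedDependencies>
        </rules>
      </configuration>
    </execution>
  </executions>
</plugin>
```

The two checks cover different failure modes: the enforcer rule inspects the resolved dependency graph, while the forbiddenapis signature `org.apache.commons.io.**` inspects compiled classes for references to the package, wherever those classes came from.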
