Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump coursier to v2.1.0-RC2 #792

Merged
merged 1 commit into from
Nov 17, 2022
Merged

Bump coursier to v2.1.0-RC2 #792

merged 1 commit into from
Nov 17, 2022

Conversation

jin
Copy link
Member

@jin jin commented Nov 17, 2022
edited

@jin jin requested a review from cheister as a code owner November 17, 2022 16:59
@jin jin requested a review from shs96c November 17, 2022 17:00
@jin jin mentioned this pull request Nov 17, 2022
Closed
shs96c
shs96c approved these changes Nov 17, 2022
View reviewed changes
Copy link
Collaborator

@shs96c shs96c left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, though it's interesting that the lock files have changed.

@jin
Copy link
Member Author

jin commented Nov 17, 2022

I downloaded zookeeper-3.4.13 and verified that the new lock files reflects the deps in its pom file. Given that there's nothing stopping Maven owners from changing POM files for released artifacts, it'd explain changed lock files like these.

@jin jin merged commit c55a179 into master Nov 17, 2022
@cheister
Copy link
Collaborator

LGTM, thanks for the update

@alexarchambault
Copy link

alexarchambault commented Dec 1, 2022
edited

@jin Does the lock file contain the result of a resolution done by coursier? What are its input dependencies?

The changes are likely to be explained by changes in coursier itself, rather than POM changes on Maven Central (that are very uncommon AFAIK). I'd be interested in investigating whether these are legit or not, before cutting coursier 2.1.0 final.

@shs96c
Copy link
Collaborator

shs96c commented Dec 1, 2022

The lock file is generated by serialising the artifacts from maven_install (in the common case, that's just a regular GAV tuple) and passing them to coursier. In this case, it looks like io.opencensus:opencensus-api:0.24.0 did something interesting: it went from including io.grpc:grpc-context:1.33.1 as a dependency to adding it to the exclusions.

@shs96c shs96c deleted the 2.1.0-rc2 branch December 1, 2022 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shs96c shs96c shs96c approved these changes

@cheister cheister Awaiting requested review from cheister cheister is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jin @cheister @alexarchambault @shs96c