-
Notifications
You must be signed in to change notification settings - Fork 194
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JENKINS-46053, JENKINS-45271, JENKINS-46210, JENKINS-46148] - Update HttpClient libraries and Fix Parent POM #102
Changes from 3 commits
4826ae7
a7b4824
a213921
21662c0
b53baa2
9ef0dee
c4e3f39
fdfb11c
b0b64ad
8a1790e
969c5ed
e88d12a
1ad5793
3e5566c
940a6bb
04c6a6b
cf133ea
acac87d
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -29,7 +29,7 @@ THE SOFTWARE. | |
<parent> | ||
<groupId>org.jenkins-ci.plugins</groupId> | ||
<artifactId>plugin</artifactId> | ||
<version>2.17</version> | ||
<version>2.33</version> | ||
</parent> | ||
|
||
<groupId>org.jenkins-ci.main</groupId><!-- for historical reason, this plugin has a different groupId --> | ||
|
@@ -44,8 +44,8 @@ THE SOFTWARE. | |
<properties> | ||
<jenkins.version>1.625.3</jenkins.version> | ||
<java.level>7</java.level> | ||
<mavenInterceptorsVersion>1.11</mavenInterceptorsVersion> | ||
<mavenVersion>3.1.0</mavenVersion> | ||
<mavenInterceptorsVersion>1.12-SNAPSHOT</mavenInterceptorsVersion> | ||
<mavenVersion>3.5.0</mavenVersion> | ||
<maven.version>${mavenVersion}</maven.version> | ||
<aetherVersion>1.1.0</aetherVersion> | ||
<sisuInjectVersion>0.3.3</sisuInjectVersion> | ||
|
@@ -67,26 +67,7 @@ THE SOFTWARE. | |
</license> | ||
</licenses> | ||
|
||
<dependencyManagement> | ||
<dependencies> | ||
<!-- Newer version of plexus-utils is required for artifact deployment to | ||
work using scpexe wagon (see JENKINS-4861). This may be removed when | ||
the effective version of the transitive plexus-utils dependency is 3.0.16+. --> | ||
<dependency> | ||
<groupId>org.codehaus.plexus</groupId> | ||
<artifactId>plexus-utils</artifactId> | ||
<version>3.0.17</version> | ||
</dependency> | ||
</dependencies> | ||
</dependencyManagement> | ||
|
||
<dependencies> | ||
<dependency> <!-- TODO pending https://github.com/jenkinsci/plugin-pom/pull/17 --> | ||
<groupId>javax.servlet</groupId> | ||
<artifactId>javax.servlet-api</artifactId> | ||
<version>3.1.0</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.jenkins-ci.plugins</groupId> | ||
<artifactId>javadoc</artifactId> | ||
|
@@ -223,7 +204,7 @@ THE SOFTWARE. | |
<dependency> | ||
<groupId>org.apache.maven</groupId> | ||
<artifactId>maven-aether-provider</artifactId> | ||
<version>${mavenVersion}</version> | ||
<version>3.3.9</version> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we will quickly have a nightmare to resolve with the 3 versions of aether (Maven 3.5.0 added a new lib) cc @olamy There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The released version of Maven plugin already depends on Maven Core 3.5.0, but Maven Plugin bundles core 3.1.0. So we are already in the YOLO mode :( maven-aether-provider 3.5.0 does not exist. If the new library uses different package names, there should be no issue. We could bundle both. What could possibly go wrong? (c) |
||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.maven</groupId> | ||
|
@@ -309,17 +290,20 @@ THE SOFTWARE. | |
<groupId>commons-io</groupId> | ||
<artifactId>commons-io</artifactId> | ||
</exclusion> | ||
<exclusion> | ||
<groupId>org.apache.httpcomponents</groupId> | ||
<artifactId>httpcore</artifactId> | ||
</exclusion> | ||
<exclusion> | ||
<groupId>org.apache.httpcomponents</groupId> | ||
<artifactId>httpclient</artifactId> | ||
</exclusion> | ||
</exclusions> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.httpcomponents</groupId> | ||
<artifactId>httpclient</artifactId> | ||
<version>4.5.1</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.httpcomponents</groupId> | ||
<artifactId>httpcore</artifactId> | ||
<version>4.4.3</version> | ||
<groupId>org.jenkins-ci.plugins</groupId> | ||
<artifactId>apache-httpcomponents-client-4-api</artifactId> | ||
<version>4.5.3-1.0</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.apache.maven.wagon</groupId> | ||
|
@@ -361,7 +345,7 @@ THE SOFTWARE. | |
<dependency> | ||
<groupId>org.codehaus.plexus</groupId> | ||
<artifactId>plexus-classworlds</artifactId> | ||
<version>2.5.1</version> | ||
<version>2.5.2</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.jenkins-ci.lib</groupId> | ||
|
@@ -435,7 +419,7 @@ THE SOFTWARE. | |
<dependency> | ||
<groupId>org.mockito</groupId> | ||
<artifactId>mockito-core</artifactId> | ||
<version>1.8.5</version> | ||
<version>1.10.19</version> | ||
<scope>test</scope> | ||
<exclusions> | ||
<exclusion> | ||
|
@@ -467,11 +451,17 @@ THE SOFTWARE. | |
<artifactId>mock-javamail</artifactId> | ||
<version>1.9</version> | ||
<scope>test</scope> | ||
<exclusions> | ||
<exclusion> | ||
<groupId>javax.mail</groupId> | ||
<artifactId>mail</artifactId> | ||
</exclusion> | ||
</exclusions> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.slf4j</groupId> | ||
<artifactId>slf4j-jdk14</artifactId> | ||
<version>1.7.4</version> | ||
<version>1.7.7</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
|
@@ -566,6 +556,43 @@ THE SOFTWARE. | |
</execution> | ||
</executions> | ||
</plugin> | ||
|
||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-enforcer-plugin</artifactId> | ||
<version>3.0.0-M1</version> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do we not get a version for free from There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, at least |
||
|
||
<!-- Consider adding to Jenkins plugin parent POM? --> | ||
<dependencies> | ||
<dependency> | ||
<groupId>de.skuzzle.enforcer</groupId> | ||
<artifactId>restrict-imports-enforcer-rule</artifactId> | ||
<version>0.7.0</version> | ||
</dependency> | ||
</dependencies> | ||
<executions> | ||
<execution> | ||
<id>ban-commons-httpclient-3x</id> | ||
<phase>process-sources</phase> | ||
<goals> | ||
<goal>enforce</goal> | ||
</goals> | ||
<configuration> | ||
<rules> | ||
<restrictImports implementation="de.skuzzle.enforcer.restrictimports.RestrictImports"> | ||
<basePackage>**</basePackage> | ||
<includeTestCode>true</includeTestCode> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Unnecessary. |
||
<bannedImports> | ||
<bannedImport>org.apache.commons.httpclient.**</bannedImport> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. How is this better than There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jglick It is a transient dependency from the Jenkins core, so it will blow up if I just ban it. |
||
</bannedImports> | ||
</restrictImports> | ||
</rules> | ||
<fail>true</fail> | ||
</configuration> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
|
||
</plugins> | ||
</build> | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use a timestamped snapshot.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree but it depends how many days the PR will leave. SNAPSHOTs are quickly removed and thus it makes the build KO each time a new SNAPSHOT is published ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will do
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not that quickly.