No-SNOW Update fasterxml #740
Conversation
| @@ -723,6 +723,7 @@ | |||
| <banDuplicateClasses> | |||
| <ignoreClasses> | |||
| <ignoreClass>META-INF/versions/*/org/bouncycastle/*</ignoreClass> | |||
| <ignoreClass>META-INF/versions/*/com/fasterxml/jackson/core/io/doubleparser/*</ignoreClass> | |||
There was a problem hiding this comment.
I'm not sure if we want to keep adding to this list to resolve duplicate class issue, I know that we have a long history of issue for boucycastle. I believe what we did before is to exclude the class from one of the package? cc: @sfc-gh-lsembera
There was a problem hiding this comment.
@sfc-gh-lsembera any concerns here?
There was a problem hiding this comment.
Bouncy Castle and now also Jackson use multi-release JARs, which means there are different versions of classes targeting different JVM versions. Our shading process loses these classes targeting specific Java versions, and only keeps the default version. It is probably ok because the default versions should work fine on newer Java runtimes, but we may be losing some performance improvements, so ideally we change our shading process to correctly relocate these classes, as well. I will try to find some time to look at it.
We also need better test coverage with newer Java versions, I opened #756. It is failing, so I need some more time to get it working. Please wait with merging this PR until #756 is merged.
|
I "fixed" the merge gates by adding an ignoreclass. Is that the right way to do this? |
|
Also @sfc-gh-lsembera @sfc-gh-tzhang Do you know where snyk is complaining about commons-configuration2? |
Please check with @sfc-gh-lsembera , @sfc-gh-alhuang might also know more on this |
|
@sfc-gh-xhuang |
Update to a newer version of fasterxml