Update fasterxml#3227
Merged
malliaridis merged 5 commits intoapache:mainfrom Sep 13, 2025
Merged
Conversation
github-actions
Bot
added
documentation
solrbot
changed the title
solrbot
changed the title
solrbot
changed the title
solrbot
force-pushed
the
renovate/fasterxml
branch
from
e675eb8 to
9ea5d17
Compare
solrbot
changed the title
solrbot
force-pushed
the
renovate/fasterxml
branch
from
9ea5d17 to
23fd002
Compare
solrbot
force-pushed
the
renovate/fasterxml
branch
from
23fd002 to
c445258
Compare
solrbot
force-pushed
the
renovate/fasterxml
branch
from
c445258 to
1cedc0b
Compare
solrbot
force-pushed
the
renovate/fasterxml
branch
from
1cedc0b to
2bacc0d
Compare
solrbot
force-pushed
the
renovate/fasterxml
branch
from
aa2e368 to
53fd817
Compare
Contributor
|
@malliaridis Do you want to handle this and related / dependent deps? I have scheduled it for rebase on next solrbot run to clean up the conflict. |
solrbot
force-pushed
the
renovate/fasterxml
branch
from
53fd817 to
8c13091
Compare
Collaborator
Author
|
Contributor
|
I will try to review this ideally by the end of this week. |
malliaridis
approved these changes
Sep 10, 2025
Contributor
malliaridis
left a comment
malliaridis
left a comment
There was a problem hiding this comment.
Looks good to me now. I believe the crave.io issues are not related to the dependency updates, but I will run it once more and merge it afterwards.
Contributor
|
Btw. minimum supported Guava version is set to 22.0, but I believe it does not have any impact here or in |
Collaborator
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
janhoy
reviewed
Sep 11, 2025
Contributor
|
@janhoy I have looked into the current test failures, and it seems that one test is related to CBOR serialization, part of the fasterxml databind module. It fails because the current bytes of the serialized object do not match the expected value (actual is lower). I am not sure if this is a (breaking or not) change caused by the update. Updating the expected bytes to the actual bytes fixes the test. Some other tests fail as well, but it seems it is not related to the update. I will try to troubleshoot a bit more, but I believe this would be the final state. |
dsmiley
reviewed
Dec 24, 2025
| dependencies { | ||
| api platform(project(":platform")) | ||
| swaggerDeps platform(project(":platform")) | ||
| api platform(libs.fasterxml.jackson.bom) |
Contributor
There was a problem hiding this comment.
I'm surprised to see jackson here, as I expect that our platform's role is to be all encompassing (to include jackson).
Contributor
There was a problem hiding this comment.
If I remember correct, the issue comes from the way BOMs have to be added to resolve dependency versions. Our platform module goes through our libs.versions.toml file and adds all dependencies via api [dependency]. Later, the module is added as [configuration] platform(project(":platform")) to resolve dependencies.
However, in order for BOMs to take effect in dependency resolution, they have to be added via platform([bom-dependency]). Since we cannot reliably distinguish BOMs from other dependencies in our current setup, we have to manually add them.
We might be able to enlist the BOM dependencies in a seperate toml file and iterate over it in our platform module, so that we can run a different logic in platform/build.gradle, something like:
// platform/build.gradle
plugins {
id("java-platform")
}
dependencies {
constraints {
// Current logic
def versionCatalog = rootProject.extensions
.getByType(VersionCatalogsExtension).named("libs")
versionCatalog.libraryAliases.forEach { alias ->
def library = versionCatalog.findLibrary(alias)
api library.get()
}
// Additional new logic
def bomCatalog = rootProject.extensions
.getByType(VersionCatalogsExtension).named("bom") // <-- reference different toml file
bomCatalog.libraryAliases.forEach { alias ->
def library = bomCatalog.findLibrary(alias)
api platform(library.get()) // <-- this line makes the difference
}
}
}And then add only BOM dependencies to gradle/bom.versions.toml:
[versions]
amazon-awssdk = "2.32.31"
fasterxml = "2.20.0"
google-cloud-bom = "0.224.0"
grpc = "1.65.1"
netty = "4.2.6.Final"
opentelemetry = "1.56.0"
[libraries]
amazon-awssdk-bom = { module = "software.amazon.awssdk:bom", version.ref = "amazon-awssdk" }
fasterxml-jackson-bom = { module = "com.fasterxml.jackson:jackson-bom", version.ref = "fasterxml" }
google-cloud-bom = { module = "com.google.cloud:google-cloud-bom", version.ref = "google-cloud-bom" }
grpc-bom = { module = "io.grpc:grpc-bom", version.ref = "grpc" }
netty-bom = { module = "io.netty:netty-bom", version.ref = "netty" }
opentelemetry-bom = { module = "io.opentelemetry:opentelemetry-bom", version.ref = "opentelemetry" }I did not have enough time back then to experiment with that, but it may allow us to remove redundant dependencies to BOMs in our modules, like the one you pointed at.
Contributor
There was a problem hiding this comment.
Thanks for that thorough response Christos.
Background: I've been looking at Solr's techniques to apply some techniques elsewhere.
Contributor
There was a problem hiding this comment.
SOLR-18003 also shows a case where the BOM version resolution fails and we have to intervene.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.18.2->2.20.02.18.2->2.20.02.18.2->2.20.02.18.2->2.20.02.18.2->2.202.18.2->2.20.0Configuration
📅 Schedule: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot