Upgrade Jakarta EL impl to 3.0.4 #20412

Merged
merged 1 commit into from
Sep 28, 2021

gsmet
Member

@gsmet gsmet commented Sep 27, 2021

Fixes #20274

It fixes a CVE so probably something to consider for 2.2.

@quarkus-bot quarkus-bot bot added the area/dependencies Pull requests that update a dependency file label Sep 27, 2021
@famod
Member

famod commented Sep 27, 2021

Should we add it to dependabot?

@quarkus-bot

quarkus-bot bot commented Sep 27, 2021

This workflow status is outdated as a new workflow run has been triggered.

Failing Jobs - Building 7e6ed6d

Status Name Step Failures Logs Raw logs
✔️ JVM Tests - JDK 11
JVM Tests - JDK 11 Windows Build Failures Logs Raw logs
✔️ JVM Tests - JDK 17

Full information is available in the Build summary check run.

Failures

⚙️ JVM Tests - JDK 11 Windows

- Failing: extensions/vertx-http/deployment 
! Skipped: core/test-extension/deployment docs extensions/agroal/deployment and 286 more

📦 extensions/vertx-http/deployment

io.quarkus.vertx.http.testrunner.QuarkusTestTypeTestCase.testQuarkusTestMode - More details - Source on GitHub

java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: Failed to start quarkus
	at io.quarkus.test.QuarkusDevModeTest.beforeEach(QuarkusDevModeTest.java:259)
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$invokeBeforeEachCallbacks$2(TestMethodTestDescriptor.java:163)

io.quarkus.vertx.http.testrunner.TestChangeTrackingWhenStartFailsTestCase.testChangeTrackingOnStartupFailure line 40 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <2> but was: <1>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.TestFailingBeforeAllTestCase.testBrokenBeforeAllHandling line 41 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <1> but was: <0>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.TestRunnerSmokeTestCase.checkTestsAreRun line 45 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <1> but was: <0>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.brokenonly.TestBrokenOnlyTestCase.testBrokenOnlyMode line 43 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <1> but was: <0>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.includes.ExcludePatternTestCase.checkTestsAreRun line 42 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <0> but was: <1>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.includes.IncludePatternTestCase.checkTestsAreRun line 43 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <0> but was: <1>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.metaannotations.MetaAnnotationsTestCase.checkTestsAreRun line 42 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <0> but was: <1>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.params.TestParameterizedTestCase.testParameterizedTests line 42 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <4> but was: <0>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.tags.ExcludeTagsTestCase.checkTestsAreRun line 41 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <0> but was: <1>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

io.quarkus.vertx.http.testrunner.tags.IncludeTagsTestCase.checkTestsAreRun line 42 - More details - Source on GitHub

org.opentest4j.AssertionFailedError: expected: <0> but was: <1>
	at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
	at org.junit.jupiter.api.AssertionUtils.failNotEqual(AssertionUtils.java:62)

@quarkus-bot quarkus-bot bot added the area/infra-automation anything related to CI, bots, etc. that are used to automated our infrastructure label Sep 28, 2021
@gsmet
Member Author

gsmet commented Sep 28, 2021

We could but we will need to ignore all the new major versions.

@sberyozkin
Member

@gsmet OK, let me update the dependabot rule

@sberyozkin
Member

sberyozkin commented Sep 28, 2021

Hmm, is it dependency-name: org.glassfish:jakarta-el:3.x or

ignore:
      - dependency-name: "org.glassfish:jakarta-el"
        update-types: ["version-update:semver-major"]

?
ignore section seems the way to go

https://github.blog/changelog/2021-05-21-dependabot-version-updates-can-now-ignore-major-minor-patch-releases/
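
A simplified model of how an `update-types` ignore rule like the one quoted above sorts candidate versions, added here as an illustration (not Dependabot's own code and not part of this PR). The pre-upgrade version 3.0.3 and the candidate list are constructed sample values; the helper names are hypothetical.

```python
import re

# Assumption: versions are compared on their first three numeric components;
# qualifiers such as "-M1" or "-RC2" are dropped before comparing.
def parse(version):
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def update_type(current, candidate):
    """Classify an upgrade using the labels Dependabot's ignore rule accepts."""
    cur, new = parse(current), parse(candidate)
    if new <= cur:
        return None  # same version or a downgrade: never proposed
    if new[0] != cur[0]:
        return "version-update:semver-major"
    if new[1] != cur[1]:
        return "version-update:semver-minor"
    return "version-update:semver-patch"

def proposed_updates(current, candidates, ignored_types):
    """Return the candidates that survive the ignore rule."""
    keep = []
    for candidate in candidates:
        kind = update_type(current, candidate)
        if kind is not None and kind not in ignored_types:
            keep.append(candidate)
    return keep

# Constructed sample input (not taken from the PR or from Maven Central).
IGNORE = ["version-update:semver-major"]
CANDIDATES = ["3.0.2", "3.0.4", "3.1.0", "4.0.0", "4.0.2", "5.0.0-M1"]

if __name__ == "__main__":
    # Patch and minor bumps within 3.x pass; every 4.x/5.x candidate is dropped.
    print(proposed_updates("3.0.3", CANDIDATES, IGNORE))
```

With the rule in place, a security patch release in the 3.x line is still proposed while 4.x and later are filtered out, which is the outcome the thread asks for.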

@geoand geoand added the triage/waiting-for-ci Ready to merge when CI successfully finishes label Sep 28, 2021
@sberyozkin
Member

Hey @geoand can you check my last comment please ?

@geoand
Contributor

geoand commented Sep 28, 2021

Oh sorry, I missed that!

@sberyozkin
Member

@geoand np :-), I'll add the ignore section, 1 sec

@geoand
Contributor

geoand commented Sep 28, 2021

I'll let you folks figure it out. I just need to have this merged by tonight if it's going to be part of 2.3.0.Final

@geoand geoand removed the triage/waiting-for-ci Ready to merge when CI successfully finishes label Sep 28, 2021
@geoand geoand added the triage/waiting-for-ci Ready to merge when CI successfully finishes label Sep 28, 2021
@sberyozkin
Member

@geoand done :-), if that does not work then we'll make sure the major version is not merged in any case, Guillaume, we won't let 4.x.x in :-)

@gsmet
Member Author

gsmet commented Sep 28, 2021

When Dependabot pushes the update, you can add a comment with something like "ignore this major version" (not exactly sure it's the right wording but the help is available in the Dependabot PR).

@sberyozkin
Member

Sounds good

@quarkus-bot

quarkus-bot bot commented Sep 28, 2021

Failing Jobs - Building 054f550

Status Name Step Failures Logs Raw logs
JVM Tests - JDK 11 Build ⚠️ Check → Logs Raw logs
✔️ JVM Tests - JDK 17

@sberyozkin
Member

There was a single JVM JDK 11 failure,

2021-09-28T19:45:27.0795401Z [INFO] Running io.quarkus.it.amqp.AmqpConnectorTest
2021-09-28T19:45:32.2405183Z ##[error]The operation was canceled.
2021-09-28T19:45:32.2991572Z ##[group]Run actions/upload-artifact@v2....

Which is not related, I could not see anything else, so let me merge

@sberyozkin sberyozkin merged commit c3321e2 into quarkusio:main Sep 28, 2021
@quarkus-bot quarkus-bot bot added this to the 2.4 - main milestone Sep 28, 2021
@quarkus-bot quarkus-bot bot removed the triage/waiting-for-ci Ready to merge when CI successfully finishes label Sep 28, 2021
@geoand geoand removed this from the 2.4 - main milestone Sep 29, 2021
Successfully merging this pull request may close these issues.

Bump org.glassfish:jakarta.el due to vulnerability