Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump guava from 30.1.1-jre to 31.0.1-jre #20641

Closed
wants to merge 1 commit into from
Closed

Bump guava from 30.1.1-jre to 31.0.1-jre #20641

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 9, 2021

Bumps guava from 30.1.1-jre to 31.0.1-jre.

Release notes

Sourced from guava's releases.

31.0.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>31.0.1-jre</version>
  <!-- or, for Android: -->
  <version>31.0.1-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

31.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>31.0-jre</version>
  <!-- or, for Android: -->
  <version>31.0-android</version>
</dependency>

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump guava from 30.1.1-jre to 31.0.1-jre
574da0d 
Bumps [guava](https://github.com/google/guava) from 30.1.1-jre to 31.0.1-jre.
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

---
updated-dependencies:
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the area/dependencies Pull requests that update a dependency file label Oct 9, 2021
@quarkus-bot quarkus-bot bot added the area/devtools Issues/PR related to maven, gradle, platform and cli tooling/plugins label Oct 9, 2021
famod
famod approved these changes Oct 9, 2021
View reviewed changes
Copy link
Member

@famod famod left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changelog doesn't mention any breaking changes. LGTM!

@famod
Copy link
Member

famod commented Oct 9, 2021

I just remembered #20473 (comment)

@aloubyansky isn't it actually a bit strange that this is covered by dependabot given that it has to stay aligned?
E.g. #15902 was merged regardless...

@famod famod requested a review from aloubyansky October 10, 2021 16:44
@aloubyansky
Copy link
Member

The important dependency branch for bootstrap is

[INFO] |  +- org.apache.maven:maven-embedder:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-settings:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-core:jar:3.8.1:compile
[INFO] |  |  |  +- org.apache.maven:maven-artifact:jar:3.8.1:compile
[INFO] |  |  |  +- org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.4:compile
[INFO] |  |  |  \- org.codehaus.plexus:plexus-component-annotations:jar:2.1.0:compile
[INFO] |  |  +- org.apache.maven:maven-plugin-api:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-model:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-model-builder:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-builder-support:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven.resolver:maven-resolver-api:jar:1.6.2:compile
[INFO] |  |  +- org.apache.maven.resolver:maven-resolver-util:jar:1.6.2:compile
[INFO] |  |  +- org.apache.maven.shared:maven-shared-utils:jar:3.3.3:compile
[INFO] |  |  |  \- commons-io:commons-io:jar:2.6:compile
[INFO] |  |  +- com.google.inject:guice:jar:no_aop:4.2.1:compile
[INFO] |  |  |  \- com.google.guava:guava:jar:30.1.1-jre:compile
[INFO] |  |  |     +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  |  |     \- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile

But we actually overrode the original Guava version, which was

[INFO] |  +- org.apache.maven:maven-embedder:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-settings:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-core:jar:3.8.1:compile
[INFO] |  |  |  +- org.apache.maven:maven-artifact:jar:3.8.1:compile
[INFO] |  |  |  +- org.eclipse.sisu:org.eclipse.sisu.inject:jar:0.3.4:compile
[INFO] |  |  |  \- org.codehaus.plexus:plexus-component-annotations:jar:2.1.0:compile
[INFO] |  |  +- org.apache.maven:maven-plugin-api:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-model:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-model-builder:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven:maven-builder-support:jar:3.8.1:compile
[INFO] |  |  +- org.apache.maven.resolver:maven-resolver-api:jar:1.6.2:compile
[INFO] |  |  +- org.apache.maven.resolver:maven-resolver-util:jar:1.6.2:compile
[INFO] |  |  +- org.apache.maven.shared:maven-shared-utils:jar:3.3.3:compile
[INFO] |  |  |  \- commons-io:commons-io:jar:2.6:compile
[INFO] |  |  +- com.google.inject:guice:jar:no_aop:4.2.1:compile
[INFO] |  |  |  \- com.google.guava:guava:jar:25.1-android:compile

I guess we overrode it because Guava is a popular library and it would make sense to include a more recent version of it in the quarkus-bom, assuming it works for bootstrap.
Another mention I found in the repo:

quarkus/integration-tests/kafka-avro
        <!-- required by io.confluent.kafka.schemaregistry.client.rest.entities.ServerClusterId -->
        <dependency>
            <groupId>com.google.guava</groupId>
            <artifactId>guava</artifactId>
            <version>30.1.1-jre</version>
            <exclusions>
                <exclusion>
                    <groupId>org.checkerframework</groupId>
                    <artifactId>checker-qual</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

But that's in the tests. There are also Kotlin tests that have dependency on Guava. I guess, we can approve the upgrade, as long as the tests pass.

@aloubyansky
Copy link
Member

I'll close this one though, given that there are conflicts now.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 12, 2021

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@quarkus-bot quarkus-bot bot added the triage/invalid This doesn't seem right label Oct 12, 2021
@dependabot dependabot bot deleted the dependabot/maven/com.google.guava-guava-31.0.1-jre branch October 12, 2021 08:01
@famod
Copy link
Member

famod commented Oct 12, 2021

@aloubyansky so you want to wait for the next update?

@aloubyansky
Copy link
Member

It looks like it was safe, so I wouldn't mind the upgrade. If you would like to re-open, please go ahead @famod

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@famod famod famod approved these changes

@aloubyansky aloubyansky Awaiting requested review from aloubyansky

Assignees
No one assigned
Labels
area/dependencies Pull requests that update a dependency file area/devtools Issues/PR related to maven, gradle, platform and cli tooling/plugins triage/invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@famod @aloubyansky