Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Downgrade commons-lang3 to 3.14.0 to avoid entropy issues #42597

Merged
merged 1 commit into from
Aug 19, 2024

Conversation

famod
Copy link
Member

@famod famod commented Aug 16, 2024

Details: #41962 (comment)

Draft until it's clear whether or not this is the right way to go for now.
If not, then there should at least be a hint in the migration guide (I think).

@famod famod marked this pull request as draft August 16, 2024 16:47
@quarkus-bot quarkus-bot bot added the area/dependencies Pull requests that update a dependency file label Aug 16, 2024
@gsmet
Copy link
Member

gsmet commented Aug 16, 2024

Hum. Awesome…

We are affected only starting 3.13?

Should we report the issue to Liquibase?

@famod
Copy link
Member Author

famod commented Aug 16, 2024

We are affected only starting 3.13?

It seems so.

Should we report the issue to Liquibase?

There are two issues already (on which I left comments):

and there's an open PR: liquibase/liquibase#6179

So there should be a "fixed" version of Liquibase sooner or later.

Question is: What else is (potentially) affected? E.g. https://github.com/search?q=repo%3Aquarkusio%2Fquarkus%20RandomStringUtils&type=code
Finding affected libs is much harder.

@gsmet
Copy link
Member

gsmet commented Aug 17, 2024

I think it makes sense to merge this for now until the ecosystem has adapted.

Please mark it ready for review when if all is good on your side and I'll include it in the next 3.13 and 3.14.0.

@famod famod marked this pull request as ready for review August 18, 2024 21:30
Copy link

quarkus-bot bot commented Aug 19, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 6ce7dee.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.


Flaky tests - Develocity

⚙️ JVM Tests - JDK 17

📦 extensions/smallrye-reactive-messaging/deployment

io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector - History

  • Expecting actual: ["-4","-5","-6","-7","-8","-9","-10","-11"] to start with: ["-3", "-4", "-5", "-6"] - java.lang.AssertionError
java.lang.AssertionError: 

Expecting actual:
  ["-4","-5","-6","-7","-8","-9","-10","-11"]
to start with:
  ["-3", "-4", "-5", "-6"]

	at io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector(ConnectorChangeTest.java:36)

⚙️ JVM Tests - JDK 21

📦 extensions/smallrye-reactive-messaging/deployment

io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector - History

  • Expecting actual: ["-4","-5","-6","-7","-8","-9","-10","-11"] to start with: ["-3", "-4", "-5", "-6"] - java.lang.AssertionError
java.lang.AssertionError: 

Expecting actual:
  ["-4","-5","-6","-7","-8","-9","-10","-11"]
to start with:
  ["-3", "-4", "-5", "-6"]

	at io.quarkus.smallrye.reactivemessaging.hotreload.ConnectorChangeTest.testUpdatingConnector(ConnectorChangeTest.java:36)

⚙️ JVM Tests - JDK 17 Windows

📦 extensions/micrometer/deployment

io.quarkus.micrometer.deployment.binder.VertxTcpMetricsTest.testTcpMetrics - History

  • event executor terminated - java.util.concurrent.RejectedExecutionException
java.util.concurrent.RejectedExecutionException: event executor terminated
	at io.netty.util.concurrent.SingleThreadEventExecutor.reject(SingleThreadEventExecutor.java:931)
	at io.netty.util.concurrent.SingleThreadEventExecutor.offerTask(SingleThreadEventExecutor.java:350)
	at io.netty.util.concurrent.SingleThreadEventExecutor.addTask(SingleThreadEventExecutor.java:343)
	at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:833)
	at io.netty.util.concurrent.SingleThreadEventExecutor.execute0(SingleThreadEventExecutor.java:824)
	at io.netty.util.concurrent.SingleThreadEventExecutor.execute(SingleThreadEventExecutor.java:814)
	at io.vertx.core.impl.EventLoopExecutor.execute(EventLoopExecutor.java:35)

⚙️ Gradle Tests - JDK 17 Windows

📦 integration-tests/gradle

io.quarkus.gradle.devmode.MavenExclusionInExtensionDependencyDevModeTest.main - History

  • Condition with Lambda expression in io.quarkus.test.devmode.util.DevModeClient was not fulfilled within 1 minutes 30 seconds. - org.awaitility.core.ConditionTimeoutException
org.awaitility.core.ConditionTimeoutException: Condition with Lambda expression in io.quarkus.test.devmode.util.DevModeClient was not fulfilled within 1 minutes  30 seconds.
	at app//org.awaitility.core.ConditionAwaiter.await(ConditionAwaiter.java:167)
	at app//org.awaitility.core.CallableCondition.await(CallableCondition.java:78)
	at app//org.awaitility.core.CallableCondition.await(CallableCondition.java:26)
	at app//org.awaitility.core.ConditionFactory.until(ConditionFactory.java:1006)
	at app//org.awaitility.core.ConditionFactory.until(ConditionFactory.java:975)
	at app//io.quarkus.test.devmode.util.DevModeClient.getHttpResponse(DevModeClient.java:164)
	at app//io.quarkus.gradle.devmode.QuarkusDevGradleTestBase.getHttpResponse(QuarkusDevGradleTestBase.java:164)

⚙️ Native Tests - HTTP

📦 integration-tests/rest-client-reactive

io.quarkus.it.rest.client.BasicTestIT.shouldCreateClientSpans - History

  • expected: <1> but was: <2> - org.opentest4j.AssertionFailedError
org.opentest4j.AssertionFailedError: expected: <1> but was: <2>
	at io.quarkus.it.rest.client.BasicTest.shouldCreateClientSpans(BasicTest.java:216)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at io.quarkus.test.junit.QuarkusTestExtension.interceptTestMethod(QuarkusTestExtension.java:821)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

@gsmet gsmet merged commit 574e4d7 into quarkusio:main Aug 19, 2024
101 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.16 - main milestone Aug 19, 2024
@mikethecalamity
Copy link

I see this is tagged as a backport to 3.13, any idea when that patch will be released?

@gsmet
Copy link
Member

gsmet commented Aug 20, 2024

If all goes well, it will be released today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/dependencies Pull requests that update a dependency file triage/flaky-test
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants