Skip to content

Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.18.3#272

Merged
jtnord merged 2 commits intomasterfrom
dependabot/maven/com.fasterxml.jackson-jackson-bom-2.18.3
Mar 6, 2025
Merged

Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.18.3#272
jtnord merged 2 commits intomasterfrom
dependabot/maven/com.fasterxml.jackson-jackson-bom-2.18.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 3, 2025
edited
Loading

Bumps com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.18.3.

Commits
  • f459157 [maven-release-plugin] prepare release jackson-bom-2.18.3
  • 769f6bc 2.18.3 release
  • dd92c7e Merge branch '2.17' into 2.18
  • 06c4865 Update Maven wrapper
  • ee7eac3 fix CI version ref
  • b0fa62b Merge branch '2.17' into 2.18
  • 3f3f8ce Enable CI for PRs too
  • b1ab0d6 Back to snapshot deps
  • 842872d [maven-release-plugin] prepare for next development iteration
  • 55ff098 [maven-release-plugin] prepare release jackson-bom-2.18.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner March 3, 2025 11:08
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 3, 2025
@dependabot dependabot bot mentioned this pull request Mar 3, 2025
Closed
@dependabot dependabot bot force-pushed the dependabot/maven/com.fasterxml.jackson-jackson-bom-2.18.3 branch from e659e1b to 3ea26bc Compare March 6, 2025 12:11
@dependabot
Bump com.fasterxml.jackson:jackson-bom from 2.17.0 to 2.18.3
9b4e458 
Bumps [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) from 2.17.0 to 2.18.3.
- [Commits](FasterXML/jackson-bom@jackson-bom-2.17.0...jackson-bom-2.18.3)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/com.fasterxml.jackson-jackson-bom-2.18.3 branch from 3ea26bc to 9b4e458 Compare March 6, 2025 12:26
@jtnord
Copy link
Copy Markdown
Member

jtnord commented Mar 6, 2025 

12:12:57  [ERROR] Require upper bound dependencies error for javax.xml.bind:jaxb-api:2.2.12 paths to dependency are:
12:12:57  [ERROR] +-org.jenkins-ci.plugins:jackson2-api:2.18.3-392.v3ea_26b_c4ca_18
12:12:57  [ERROR]   +-com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.18.3
12:12:57  [ERROR]     +-javax.xml.bind:jaxb-api:2.2.12
12:12:57  [ERROR] and
12:12:57  [ERROR] +-org.jenkins-ci.plugins:jackson2-api:2.18.3-392.v3ea_26b_c4ca_18
12:12:57  [ERROR]   +-io.jenkins.plugins:jaxb:2.3.9-1
12:12:57  [ERROR]     +-javax.xml.bind:jaxb-api:2.3.1
12:12:57  [ERROR] ]

@jtnord
Fix the exclusion of the jaxb api
b85e395 
amends #139 to use the correct jaxb groupId
jtnord
jtnord reviewed Mar 6, 2025
View reviewed changes
pom.xml
Comment on lines +164 to +165
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
Copy link
Copy Markdown
Member

@jtnord jtnord Mar 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

amends #139

@jtnord jtnord enabled auto-merge March 6, 2025 12:37
@jtnord jtnord merged commit 93cc2d0 into master Mar 6, 2025
16 checks passed
@jtnord jtnord deleted the dependabot/maven/com.fasterxml.jackson-jackson-bom-2.18.3 branch March 6, 2025 12:40
@jonesbusy
Copy link
Copy Markdown
Contributor

jonesbusy commented Mar 6, 2025

Note (if similar errors are seen)

Looks the YAML dataformat is not binary compatible

2025-03-06T14:46:22.873Z [INFO] [Thread=StreamPumper-systemOut] - i.j.t.p.core.impl.MavenInvoker # Caused by: java.lang.RuntimeException: Error while visiting pom.xml: java.lang.NoSuchMethodError: 'com.fasterxml.jackson.core.JsonToken com.fasterxml.jackson.dataformat.yaml.YAMLParser._updateToken(com.fasterxml.jackson.core.JsonToken)'

Seen jenkins-infra/plugin-modernizer-tool#838

Not sure if there a risk with plugin not relying on the API plugin

@basil
Copy link
Copy Markdown
Member

basil commented Mar 10, 2025

@jtnord Breaks

javaposse.jobdsl.plugin.actions.GeneratedConfigFilesBuildActionSpec
javaposse.jobdsl.plugin.actions.GeneratedJobsBuildActionSpec
javaposse.jobdsl.plugin.actions.GeneratedUserContentsBuildActionSpec
javaposse.jobdsl.plugin.actions.GeneratedViewsActionSpec
javaposse.jobdsl.plugin.actions.GeneratedViewsBuildActionSpec
javaposse.jobdsl.plugin.JenkinsJobManagementSpec

as seen in https://ci.jenkins.io/job/Tools/job/bom/job/PR-4663/3/ and can be reproduced by running mvn clean verify in job-dsl-plugin after applying

diff --git a/job-dsl-plugin/pom.xml b/job-dsl-plugin/pom.xml
index 754333ac..bc8cb5aa 100644
--- a/job-dsl-plugin/pom.xml
+++ b/job-dsl-plugin/pom.xml
@@ -59,6 +59,11 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>org.jenkins-ci.plugins</groupId>
+        <artifactId>jackson2-api</artifactId>
+        <version>2.18.3-402.v74c4eb_f122b_2</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
   <dependencies>

Reverted in jenkinsci/bom#4673

Blocking jenkinsci/bom#4677

@basil basil mentioned this pull request Mar 10, 2025
Closed
12 tasks
@jtnord
Copy link
Copy Markdown
Member

jtnord commented Mar 11, 2025
edited
Loading

@jtnord Breaks

javaposse.jobdsl.plugin.actions.GeneratedConfigFilesBuildActionSpec
javaposse.jobdsl.plugin.actions.GeneratedJobsBuildActionSpec
javaposse.jobdsl.plugin.actions.GeneratedUserContentsBuildActionSpec
javaposse.jobdsl.plugin.actions.GeneratedViewsActionSpec
javaposse.jobdsl.plugin.actions.GeneratedViewsBuildActionSpec
javaposse.jobdsl.plugin.JenkinsJobManagementSpec

as seen in https://ci.jenkins.io/job/Tools/job/bom/job/PR-4663/3/ and can be reproduced by running mvn clean verify in job-dsl-plugin after applying

diff --git a/job-dsl-plugin/pom.xml b/job-dsl-plugin/pom.xml
index 754333ac..bc8cb5aa 100644
--- a/job-dsl-plugin/pom.xml
+++ b/job-dsl-plugin/pom.xml
@@ -59,6 +59,11 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>org.jenkins-ci.plugins</groupId>
+        <artifactId>jackson2-api</artifactId>
+        <version>2.18.3-402.v74c4eb_f122b_2</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
   <dependencies>

Reverted in jenkinsci/bom#4673

Blocking jenkinsci/bom#4677

https://ci.jenkins.io/job/Tools/job/bom/job/PR-4663/3/testReport/junit/javaposse.jobdsl.plugin.actions/GeneratedJobsBuildActionSpec/pct_job_dsl_plugin_weekly___project_actions/

java.lang.IllegalArgumentException: Unsupported class file major version 61
	at net.sf.cglib.asm.$ClassReader.<init>(ClassReader.java:195)
	at net.sf.cglib.asm.$ClassReader.<init>(ClassReader.java:176)
	at net.sf.cglib.asm.$ClassReader.<init>(ClassReader.java:162)
	at net.sf.cglib.asm.$ClassReader.<init>(ClassReader.java:283)
	at net.sf.cglib.proxy.BridgeMethodResolver.resolveAll(BridgeMethodResolver.java:68)
	at net.sf.cglib.proxy.Enhancer.emitMethods(Enhancer.java:1132)
	at net.sf.cglib.proxy.Enhancer.generateClass(Enhancer.java:630)
	at net.sf.cglib.core.DefaultGeneratorStrategy.generate(DefaultGeneratorStrategy.java:25)
	at net.sf.cglib.core.AbstractClassGenerator.generate(AbstractClassGenerator.java:332)
	at net.sf.cglib.proxy.Enhancer.generate(Enhancer.java:492)
	at net.sf.cglib.core.AbstractClassGenerator$ClassLoaderData$3.apply(AbstractClassGenerator.java:96)
	at net.sf.cglib.core.AbstractClassGenerator$ClassLoaderData$3.apply(AbstractClassGenerator.java:94)
	at net.sf.cglib.core.internal.LoadingCache$2.call(LoadingCache.java:54)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
	at net.sf.cglib.core.internal.LoadingCache.createEntry(LoadingCache.java:61)
	at net.sf.cglib.core.internal.LoadingCache.get(LoadingCache.java:34)
	at net.sf.cglib.core.AbstractClassGenerator$ClassLoaderData.get(AbstractClassGenerator.java:119)
	at net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:294)
	at net.sf.cglib.proxy.Enhancer.createHelper(Enhancer.java:480)
	at net.sf.cglib.proxy.Enhancer.createClass(Enhancer.java:337)
	at org.spockframework.mock.runtime.CglibMockFactory.createMock(CglibMockFactory.java:32)
	at org.spockframework.mock.runtime.ProxyBasedMockFactory.create(ProxyBasedMockFactory.java:45)
	at org.spockframework.mock.runtime.JavaMockFactory.createInternal(JavaMockFactory.java:58)
	at org.spockframework.mock.runtime.JavaMockFactory.create(JavaMockFactory.java:38)
	at org.spockframework.mock.runtime.CompositeMockFactory.create(CompositeMockFactory.java:42)
	at org.spockframework.lang.SpecInternals.createMock(SpecInternals.java:46)
	at org.spockframework.lang.SpecInternals.createMockImpl(SpecInternals.java:294)
	at org.spockframework.lang.SpecInternals.createMockImpl(SpecInternals.java:284)
	at org.spockframework.lang.SpecInternals.MockImpl(SpecInternals.java:100)
	at javaposse.jobdsl.plugin.actions.GeneratedJobsBuildActionSpec.project actions(GeneratedJobsBuildActionSpec.groovy:82)

Seems like an issue in jobdsl plugin test frameworks not here.
cglib is stuck on java 1.8 IIUC https://github.com/cglib/cglib/releases/tag/RELEASE_3_3_0 and is unmaitained.

@jtnord
Copy link
Copy Markdown
Member

jtnord commented Mar 11, 2025

Note (if similar errors are seen)

Looks the YAML dataformat is not binary compatible

2025-03-06T14:46:22.873Z [INFO] [Thread=StreamPumper-systemOut] - i.j.t.p.core.impl.MavenInvoker # Caused by: java.lang.RuntimeException: Error while visiting pom.xml: java.lang.NoSuchMethodError: 'com.fasterxml.jackson.core.JsonToken com.fasterxml.jackson.dataformat.yaml.YAMLParser._updateToken(com.fasterxml.jackson.core.JsonToken)'

Seen jenkins-infra/plugin-modernizer-tool#838

Not sure if there a risk with plugin not relying on the API plugin

@jonesbusy where did you see that error? I am not familiar with the plugin-modernizer-tool and as it appears to be using the jackson bom so should not get unaligned versions so should not get a version of jackson-core that is not comparable with jackson-dataformat-yaml?

@jonesbusy
Copy link
Copy Markdown
Contributor

jonesbusy commented Mar 11, 2025

Error was seen on this PR: jenkins-infra/plugin-modernizer-tool#838

I didn't spend time to investigate. There is probably a version mismatch somewhere. But it indicate it's not binary compatible. So was highlighting it just in case it's seen on the plugin eco-system

@basil basil mentioned this pull request Mar 13, 2025
Closed
6 tasks
@basil
Copy link
Copy Markdown
Member

basil commented Mar 14, 2025
edited
Loading

Seems like an issue in jobdsl plugin test frameworks not here.

There was arguably a preëxisting issue that had merely been exposed by this PR. But on the other hand, it was this PR that exposed it: Job DSL might have been brittle with respect to such changes, but its tests had at least worked correctly prior to this PR.

@jtnord Any update on jenkinsci/bom#4677 (comment)?

CC @MarkEWaite

@jtnord jtnord mentioned this pull request Apr 14, 2025
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jtnord jtnord jtnord approved these changes

+1 more reviewer

@PereBueno PereBueno PereBueno approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file enhancement java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jtnord @jonesbusy @basil @PereBueno