Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump jacoco-maven-plugin from 0.8.8 to 0.8.9 #4855

Merged
merged 5 commits into from
Apr 27, 2023
Merged

build(deps): bump jacoco-maven-plugin from 0.8.8 to 0.8.9 #4855

merged 5 commits into from
Apr 27, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 7, 2023

Bumps jacoco-maven-plugin from 0.8.8 to 0.8.9.

Release notes

Sourced from jacoco-maven-plugin's releases.

0.8.9

New Features

  • JaCoCo now officially supports Java 19 and 20 (GitHub #1371, #1386).
  • Experimental support for Java 21 class files (GitHub #1386).
  • Add parameter to include the current project in the report-aggregate Maven goal (GitHub #1007).
  • Component accessors generated by the Java compilers for records are filtered out during generation of report. Contributed by Tesla Zhang (GitHub #1393).

Fixed bugs

  • Agent should not open java.lang package to unnamed module of the application class loader (GitHub #1334).

Non-functional Changes

  • JaCoCo now depends on ASM 9.5 (GitHub #1299, #1368, #1416).
  • JaCoCo build now requires JDK 11 (GitHub #1413).
Commits
  • c0ad781 Prepare release 0.8.9
  • c561c13 Fix validation test for Java 21 (#1422)
  • 461ebf3 Add validation test for JEP 432: Record Patterns (#1415)
  • 5f12145 Upgrade ASM to 9.5 (#1416)
  • b865890 Agent should not open java.lang package to unnamed module of the applicatio...
  • 5bc2fae Upgrade spotless-maven-plugin to 2.35.0 and Eclipse JDT Formatter to 4.27 (#1...
  • 4fca868 Require at least JDK 11 for the build (#1413)
  • a68effb Upgrade ECJ from 3.12.1 to 3.32.0 (#1404)
  • c6299e5 Happy New Year 2023!
  • 035df4c Update plexus-utils to 3.0.24 (#1403)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump jacoco-maven-plugin from 0.8.8 to 0.8.9
46019e5 
Bumps [jacoco-maven-plugin](https://github.com/jacoco/jacoco) from 0.8.8 to 0.8.9.
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.8...v0.8.9)

---
updated-dependencies:
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 7, 2023
@line-o line-o self-requested a review April 7, 2023 08:57
line-o
line-o requested changes Apr 7, 2023
View reviewed changes
Copy link
Member

@line-o line-o left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This update was reverted before as it breaks our builds. We have to adapt our codebase to be compatible with jacoco-maven-plugin v0.8.9 before merging this.

@adamretter
Copy link
Member

adamretter commented Apr 7, 2023
edited
Loading

Since stacktrace trimming was re-enabled in CI (#4852 (comment)), we can no longer determine the issue from CI. We should disable stacktrace trimming again!
I will attempt to reproduce this locally...

@adamretter
Copy link
Member

Current working theory is that:

  1. eXist-db depends on cglib 3.3.0.
  2. cglib 3.3.0 depends on asm 7.1
  3. jacoco 0.8.8 had a dependency on asm 9.2, but jacoco has a dependency on 0.8.9.

cglib itself has a warning that it is now unsupported along the lines of:

cglib is unmaintained and does not work well (or possibly at all?) in newer JDKs, particularly JDK17+. If you need to support newer JDKs, we will accept well-tested well-thought-out patches... but you'll probably have better luck migrating to something like ByteBuddy.

We could consider migrating away from cglib. It is used in two places:

  1. The RESTXQ Implementation so that eXist-db's persistent DOM implementation can be used as though it is W3C DOM compliant. This may no longer be necessary at all, but needs to be checked.
  2. In the XML:DB Embedded (local) API implementation to ensure that the caller of those methods can only access W3C DOM nodes, and therefore can corrupt the database via eXist-db's internal DOM being exposed to them.

@duncdrum duncdrum mentioned this pull request Apr 7, 2023
Closed
@adamretter
Copy link
Member

I have pushed some additional commits to this branch that remove cglib in favour of ByteBuddy. This appears to have fixed the build issues.

@adamretter adamretter force-pushed the dependabot/maven/org.jacoco-jacoco-maven-plugin-0.8.9 branch from f68b815 to b237a56 Compare April 9, 2023 19:07
@adamretter adamretter mentioned this pull request Apr 9, 2023
Merged
@sonarcloud
Copy link

sonarcloud bot commented Apr 10, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 5 Code Smells

81.7% 81.7% Coverage
0.0% 0.0% Duplication

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 26, 2023

A newer version of org.jacoco:jacoco-maven-plugin exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@adamretter
Copy link
Member

@dizzzz @reinhapa As this has 2 approvals, can it be merged now please?

@reinhapa reinhapa merged commit 84f7aa9 into develop Apr 27, 2023
6 checks passed
@dependabot dependabot bot deleted the dependabot/maven/org.jacoco-jacoco-maven-plugin-0.8.9 branch April 27, 2023 18:24
@adamretter
Copy link
Member

@reinhapa Thank you very much for the merge :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamretter adamretter adamretter approved these changes

@dizzzz dizzzz dizzzz approved these changes

@reinhapa reinhapa reinhapa approved these changes

@line-o line-o Awaiting requested review from line-o

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@adamretter @line-o @dizzzz @reinhapa