Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPIK-1036: Updated backend dependencies part 3 #1307

Merged
merged 1 commit into from
Feb 17, 2025
Merged

OPIK-1036: Updated backend dependencies part 3 #1307

merged 1 commit into from
Feb 17, 2025

Conversation

andrescrz
Copy link
Collaborator

@andrescrz andrescrz commented Feb 17, 2025
edited
Loading

Details

Upgraded only transitive dependencies:

  • netty with a BOM.
  • json-smart.

Regarding httpcore5 as it's also a transitive dependency, it was wrongly defined a dependency in a previous PR #1299. It's not an actual direct dependency, so moved to dependencyManagement which is the correct place.

Issues

OPIK-1036

Testing

  • Passed CI build.

Documentation

thiagohora
thiagohora reviewed Feb 17, 2025
View reviewed changes
apps/opik-backend/pom.xml
Comment on lines +83 to +85
<dependency>
<groupId>org.apache.httpcomponents.core5</groupId>
<artifactId>httpcore5</artifactId>
<version>5.3.3</version>
</dependency>
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>2.5.2</version>
</dependency>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those are not bom dependencies

Copy link
Collaborator Author

@andrescrz andrescrz Feb 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's intended:

  1. Those libraries don't have BOMs available and probably don't need them.
  2. They're transitive dependencies, not direct ones, so they shouldn't be defined in dependencies section.
  3. We should force a minor version upgrade by defining them in dependencyManagement as they're transitive only.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, got it!

@andrescrz andrescrz force-pushed the andrescrz/OPIK-1036-upgrade-backend-dependencies-part-3 branch from 5c2ecf6 to 940d84f Compare February 17, 2025 16:15
@andrescrz andrescrz self-assigned this Feb 17, 2025
@andrescrz andrescrz added the dependencies Pull requests that update a dependency file label Feb 17, 2025
@andrescrz andrescrz marked this pull request as ready for review February 17, 2025 16:39
@andrescrz andrescrz requested a review from a team as a code owner February 17, 2025 16:39
@andrescrz andrescrz merged commit d36fe43 into main Feb 17, 2025
7 checks passed
@andrescrz andrescrz deleted the andrescrz/OPIK-1036-upgrade-backend-dependencies-part-3 branch February 17, 2025 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thiagohora thiagohora thiagohora approved these changes

Assignees

@andrescrz andrescrz

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrescrz @thiagohora