-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix: Cleanup jackson version overrides #1334
Conversation
com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.9 (3 constraints: 4a200b23) | ||
com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.9.9 (2 constraints: a0134956) | ||
com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.1 (3 constraints: 6a20e231) | ||
com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.10.1 (2 constraints: c0138060) | ||
com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:2.10.1 (2 constraints: d12e2568) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
heh
@@ -1,17 +1,6 @@ | |||
ch.qos.logback:logback-classic = 1.1.7 | |||
# catch-all jackson version | |||
com.fasterxml.jackson.*:jackson-* = 2.10.1 | |||
# individual components are sometimes updated out of band to fix vulnerabilities |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For future reference, a star constraint like the above will handle these hotfix releases just fine as well.
As in, it will try to find the given version for all components, but will fall back to the highest constrained version (of a bottom lib like jackson-databind
) if the requested version doesn't exist.
In fact jackson itself features in gradle's integration tests for this feature:
https://github.com/gradle/gradle/blob/5d5c27d35e276d674da9a28a4af972d79589b78d/subprojects/dependency-management/src/integTest/groovy/org/gradle/integtests/resolve/alignment/AlignmentIntegrationTest.groovy#L241-L292
@@ -104,6 +104,7 @@ public static ObjectMapper withDefaultModules(ObjectMapper mapper) { | |||
.registerModule(new JavaTimeModule()) | |||
.registerModule(new LenientLongModule()) | |||
.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS) | |||
.disable(SerializationFeature.WRITE_DURATIONS_AS_TIMESTAMPS) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For those curious FasterXML/jackson-modules-java8#75
Before this PR
We had a bunch of specific jackson versions
After this PR
==COMMIT_MSG==
Consistently specify jackson version as 2.10.1
==COMMIT_MSG==
Possible downsides?
we already picked up 2.10.1 and this is just a cleanup that could prevent issues in future