You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Nicolas Filotto (Jira)" <ji...@apache.org> on 2023/06/20 07:41:00 UTC

[jira] [Commented] (CAMEL-19474) camel-spring-boot - Fix all version conflicts

    [ https://issues.apache.org/jira/browse/CAMEL-19474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17735168#comment-17735168 ] 

Nicolas Filotto commented on CAMEL-19474:
-----------------------------------------

Generally speaking, this makes me wonder if it is the right approach to align our dependency versions to the one used in SpringBoot (what about Quarkus BTW?) especially knowing their very strict policy which is a big lock when we have third-party libraries to upgrade due to CVEs like the 2 last ones that I raised recently

> camel-spring-boot - Fix all version conflicts
> ---------------------------------------------
>
>                 Key: CAMEL-19474
>                 URL: https://issues.apache.org/jira/browse/CAMEL-19474
>             Project: Camel
>          Issue Type: Task
>            Reporter: Nicolas Filotto
>            Priority: Major
>             Fix For: 4.0-RC1, 4.0.0
>
>
> While trying to figure out why many integration tests of Camel SB failed, I realized that it was due to version conflicts that can be of 2 types:
> # # Version of a specific library used in Camel is different from the version used in SpringBoot, for example, {{org.yaml:snakeyaml}} {{2.0}} is used in Camel while version {{1.33}} is used in SpringBoot {{3.1}}
> # Libraries that are potentially part of the same family have a different version, for example, {{org.infinispan:infinispan-api}} {{14.0.9.Final}} is used along with {{org.infinispan:infinispan-query-dsl}} {{12.1.3.Final}} instead of {{14.0.9.Final}}
> The goal of this task is to decide what to do with these conflicts, how they should be fixed, and fix them. 
> Once fixed whatever the chosen way, we need to re-enable {{CamelSnakeyamlTest}} and make the build fail again on version conflict by removing https://github.com/apache/camel-spring-boot/blob/main/tests/camel-itest-spring-boot/pom.xml#L211-L212.
> The full list of conflicts to fix can be found in this file https://github.com/apache/camel-spring-boot/suites/13714794833/artifacts/758695227 but the most important one is the following:
> Raised by CamelFhirTest
> {code:java}
> WARN>>> Library version mismatch found.
> Found mismatch for dependency org.jetbrains:annotations:
>  - org.jetbrains:annotations:jar: --> [17.0.0, 13.0]
> {code}
> Raised by CamelInfinispanTest
> {code:java}
> WARN>>> Library version mismatch found.
> Found mismatch for dependency org.apache.sshd:sshd:
>  - org.apache.sshd:sshd-common:jar: --> [2.9.2, 2.7.0]
> Found mismatch for dependency org.infinispan.protostream:protostream:
>  - org.infinispan.protostream:protostream-types:jar: --> [4.6.2.Final, 4.4.1.Final]
>  - org.infinispan.protostream:protostream:jar: --> [4.6.2.Final, 4.4.1.Final]
> Found mismatch for dependency org.infinispan:infinispan:
>  - org.infinispan:infinispan-api:jar: --> [14.0.9.Final]
>  - org.infinispan:infinispan-client-hotrod-jakarta:jar: --> [14.0.9.Final]
>  - org.infinispan:infinispan-client-hotrod:jar: --> [14.0.9.Final, 12.1.3.Final]
>  - org.infinispan:infinispan-commons-jakarta:jar: --> [14.0.9.Final]
>  - org.infinispan:infinispan-commons-test:jar: --> [14.0.9.Final]
>  - org.infinispan:infinispan-commons:jar: --> [12.1.3.Final, 14.0.9.Final]
>  - org.infinispan:infinispan-component-annotations:jar: --> [12.1.3.Final]
>  - org.infinispan:infinispan-core-jakarta:jar: --> [14.0.9.Final]
>  - org.infinispan:infinispan-core:jar: --> [14.0.9.Final, 12.1.3.Final]
>  - org.infinispan:infinispan-jboss-marshalling:jar: --> [12.1.3.Final]
>  - org.infinispan:infinispan-marshaller-protostuff:jar: --> [12.1.3.Final]
>  - org.infinispan:infinispan-query-dsl:jar: --> [12.1.3.Final]
>  - org.infinispan:infinispan-remote-query-client:jar: --> [12.1.3.Final]
>  - org.infinispan:infinispan-spring5-common:jar: --> [14.0.9.Final]
>  - org.infinispan:infinispan-spring5-remote:jar: --> [14.0.9.Final]
> Found mismatch for dependency org.jgroups:jgroups:
>  - org.jgroups:jgroups:jar: --> [5.2.12.Final, 4.2.12.Final]
> Found mismatch for dependency org.wildfly.security:wildfly:
>  - org.wildfly.security:wildfly-elytron-asn1:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-auth-server:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-auth:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-base:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-credential:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-http:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-keystore:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-mechanism-digest:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-mechanism-gssapi:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-mechanism-oauth2:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-mechanism-scram:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-mechanism:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-password-impl:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-permission:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-provider-util:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-digest:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-external:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-gs2:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-gssapi:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-oauth2:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-plain:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl-scram:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-sasl:jar: --> [1.20.1.Final, 1.15.1.Final]
>  - org.wildfly.security:wildfly-elytron-security-manager-action:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-ssl:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-util:jar: --> [1.15.1.Final, 1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-x500-cert-util:jar: --> [1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-x500-cert:jar: --> [1.20.1.Final]
>  - org.wildfly.security:wildfly-elytron-x500:jar: --> [1.20.1.Final, 1.15.1.Final]
> {code}
> Raised by CamelZookeeperTest
> {noformat}
> WARN>>> Library version mismatch found.
> Found mismatch for dependency com.google.errorprone:error_prone_annotations:
>  - com.google.errorprone:error_prone_annotations:jar: --> [2.18.0, 2.11.0]
> Found mismatch for dependency com.google.guava:guava:
>  - com.google.guava:guava:jar: --> [31.1-jre, 32.0.0-jre]
> Found mismatch for dependency com.google.j2objc:j2objc:
>  - com.google.j2objc:j2objc-annotations:jar: --> [2.8, 1.3]
> Found mismatch for dependency org.checkerframework:checker:
>  - org.checkerframework:checker-qual:jar: --> [3.33.0, 3.12.0]
> {noformat}
>  
> Raised by CamelSnakeyamlTest
> {noformat}
> WARN>>> Library version mismatch found.
> Found mismatch for dependency com.google.errorprone:snakeyaml:
>  - org.yaml:snakeyaml:jar: --> [1.33, 2.0]  
> {noformat}
>   



--
This message was sent by Atlassian Jira
(v8.20.10#820010)