RE%3A Re%3A [External Sender] Re%3A PDFBox 3.0.1 compile dependency on junit-jupiter&In-Reply-To=<9f543108-ef5c-4c7a-bac8-d7c6009d9d5f%40gmail.com>

[Christian Wiech via users <us...@pdfbox.apache.org>]

I just discovered that after a renovate bot update three weeks ago from pdfbox-3.0.0 to pdfbox-3.0.1 our builds are still green but no tests are executed at all. This means we were blind for about 3 weeks because of an automerged bugfix release.

We are not using TestNG but Junit provided by Spring Boot version 3.X. The tests are not failing but simply skipped and reported as passed. This leaves us in a false assumption of safety.
Gilis workaround for TestNG works for in our case too. But in my mind this is a major incident and should be fixed asap.
Cheers, Christian
On 2023/12/04 17:55:58 Gili Tzabari wrote:
> For anyone else using TestNG for unit tests, you'll need to explicitly
> exclude JUnit until this is fixed; otherwise, Surefire will refuse to
> use TestNG.
>
> org.apache.pdfbox pdfbox 3.0.1 org.junit.jupiter junit-jupiter
>
> Gili
>
> On 2023-12-03 20:47, Dan Rabe wrote:
> > Great, thank you! We’ll look forward to seeing this in the next release!
> >
> > --Dan
> >
> > From: Andreas Lehmkühler
> > Date: Sunday, December 3, 2023 at 1:58 PM
> > To:users@pdfbox.apache.org
> > Subject: [External Sender] Re: PDFBox 3.0.1 compile dependency on junit-jupiter
> > solved, see [1] for further details.
> >
> > Andreas
> >
> > [1]https://urldefense.com/v3/__https://issues.apache.org/jira/browse/PDFBOX-5722__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0AYxMorg$
> >
> > Am 02.12.23 um 09:05 schrieb Andreas Lehmkühler:
> >> Hi,
> >>
> >> Am 01.12.23 um 17:14 schrieb Dan Rabe:
> >>> It looks like a compile dependency on junit-jupiter snuck into the
> >>> 3.0.1 release.
> >>>
> >>> If I look at the maven page for 3.0.0 at
> >>> https://urldefense.com/v3/__https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox/3.0.0__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0IYlyu3Q$ ,
> >>> junit-jupiter is listed as a test dependency.
> >>> If I look at the maven page for 3.0.1 at
> >>> https://urldefense.com/v3/__https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox/3.0.1__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0Bp0SxKX$ ,
> >>> junit-jupiter is listed as a compile dependency.
> >>>
> >>> As a result, the war file that I build would contain the junit
> >>> libraries. I’m assuming it’s a mistake of some sort that it got
> >>> reclassified as “compile” rather than “test”?
> >> Your assumption is correct, it's a mistake. It was introduce with
> >> PDFBOX-5699 which rearranged some parts of the maven build. My bad :-(
> >>
> >> I'm going to fix that and doublecheck all the other components.
> >>
> >> Thanks for the report
> >>
> >> Andreas
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail:users-unsubscribe@pdfbox.apache.org
> >> For additional commands, e-mail:users-help@pdfbox.apache.org
> >>
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:users-unsubscribe@pdfbox.apache.org
> > For additional commands, e-mail:users-help@pdfbox.apache.org
> >

Re: RE%3A Re%3A [External Sender] Re%3A PDFBox 3.0.1 compile dependency on junit-jupiter&In-Reply-To=<9f543108-ef5c-4c7a-bac8-d7c6009d9d5f%40gmail.com>

[Andreas Lehmkühler <an...@lehmi.de.INVALID>]

Hi,

the additional compile dependency shouldn't have any influence on your 
test cases as long as you don't change change something.

I'm wondering if you are following the advice and excluded the junit 
dependency?

Andreas

Am 05.01.24 um 12:16 schrieb Christian Wiech via users:
> I just discovered that after a renovate bot update three weeks ago from pdfbox-3.0.0 to pdfbox-3.0.1 our builds are still green but no tests are executed at all. This means we were blind for about 3 weeks because of an automerged bugfix release.
> 
> We are not using TestNG but Junit provided by Spring Boot version 3.X. The tests are not failing but simply skipped and reported as passed. This leaves us in a false assumption of safety.
> Gilis workaround for TestNG works for in our case too. But in my mind this is a major incident and should be fixed asap.
> Cheers, Christian
> On 2023/12/04 17:55:58 Gili Tzabari wrote:
>> For anyone else using TestNG for unit tests, you'll need to explicitly
>> exclude JUnit until this is fixed; otherwise, Surefire will refuse to
>> use TestNG.
>>
>> org.apache.pdfbox pdfbox 3.0.1 org.junit.jupiter junit-jupiter
>>
>> Gili
>>
>> On 2023-12-03 20:47, Dan Rabe wrote:
>>> Great, thank you! We’ll look forward to seeing this in the next release!
>>>
>>> --Dan
>>>
>>> From: Andreas Lehmkühler
>>> Date: Sunday, December 3, 2023 at 1:58 PM
>>> To:users@pdfbox.apache.org
>>> Subject: [External Sender] Re: PDFBox 3.0.1 compile dependency on junit-jupiter
>>> solved, see [1] for further details.
>>>
>>> Andreas
>>>
>>> [1]https://urldefense.com/v3/__https://issues.apache.org/jira/browse/PDFBOX-5722__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0AYxMorg$
>>>
>>> Am 02.12.23 um 09:05 schrieb Andreas Lehmkühler:
>>>> Hi,
>>>>
>>>> Am 01.12.23 um 17:14 schrieb Dan Rabe:
>>>>> It looks like a compile dependency on junit-jupiter snuck into the
>>>>> 3.0.1 release.
>>>>>
>>>>> If I look at the maven page for 3.0.0 at
>>>>> https://urldefense.com/v3/__https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox/3.0.0__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0IYlyu3Q$ ,
>>>>> junit-jupiter is listed as a test dependency.
>>>>> If I look at the maven page for 3.0.1 at
>>>>> https://urldefense.com/v3/__https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox/3.0.1__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0Bp0SxKX$ ,
>>>>> junit-jupiter is listed as a compile dependency.
>>>>>
>>>>> As a result, the war file that I build would contain the junit
>>>>> libraries. I’m assuming it’s a mistake of some sort that it got
>>>>> reclassified as “compile” rather than “test”?
>>>> Your assumption is correct, it's a mistake. It was introduce with
>>>> PDFBOX-5699 which rearranged some parts of the maven build. My bad :-(
>>>>
>>>> I'm going to fix that and doublecheck all the other components.
>>>>
>>>> Thanks for the report
>>>>
>>>> Andreas
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail:users-unsubscribe@pdfbox.apache.org
>>>> For additional commands, e-mail:users-help@pdfbox.apache.org
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:users-unsubscribe@pdfbox.apache.org
>>> For additional commands, e-mail:users-help@pdfbox.apache.org
>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org