Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: updating tomcat version to v10.1.33 #3939

Closed
wants to merge 1 commit into from
Closed

chore: updating tomcat version to v10.1.33 #3939

wants to merge 1 commit into from

Conversation

Shobhajayanna
Copy link
Contributor

Description

this is to update the tomcat version to v10.1.33

Type of change

Please delete options that are not relevant.

  • fix: Bug fix (non-breaking change which fixes an issue)
  • feat: New feature (non-breaking change which adds functionality)
  • docs: Change in a documentation
  • refactor: Refactor the code
  • chore: Chore, repository cleanup, updates the dependencies.
  • BREAKING CHANGE or !: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the style guidelines of this project
  • PR title conforms to commit message guideline ## Commit Message Structure Guideline
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

For more details about how should the code look like read the Contributing guideline

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jan 6, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

richard-salac
richard-salac reviewed Jan 6, 2025
View reviewed changes
gradle/versions.gradle
@@ -7,6 +7,7 @@ dependencyResolutionManagement {

version('springBoot', '3.3.5')
version('springBootGraphQl', '3.3.5')
version('springBootStarterTomcat', '3.3.6')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we pin just one extra dependency for upgrade? Does it make sense to update the spring-boot-starter-web patch version rather than just one specific dependency? This way we would be pinning one dependency after another that would be difficult to manage.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it has 4 dependencies. 3 of them are tomcat and 1 is jakarta-annotations-api. all 3 tomcat dependencies need to be upgraded. I dont think there will be any issue in upgrading jakarta-annotations-api to latest version, it has no breaking changes or vulnerabilities in the latest version.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tomcat is a transitive dependency of spring-boot-starter-web. Why do we upgrade only the tomcat and not the whole spring-boot-starter-web (which is already 2 patches behind)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

only tomcat is listed to be upgraded to this particular version for v3. its mentioned in the description of the task for dependency upgrade.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I see, it was not clear which issue is the PR related to as there is no reference. Even though the task mentions tomcat specifically, we should bear in mind that spring dependencies are provided as versioned sets and are tested together. Mixing spring boot transitive dependencies across different versions may bring unexpected troubles because these combinations are not tested and not guaranteed by spring to work. Such request to update a specific transitive dependency should imply upgrade of the main package we depend on, unless there is very strong reason not to do so.

@Shobhajayanna Shobhajayanna deleted the reboot/update-tomcat-v10.1.33 branch January 8, 2025 12:58
@Shobhajayanna
Copy link
Contributor Author

this is no longer needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richard-salac richard-salac richard-salac left review comments

Assignees
No one assigned
Labels
size/XS
Projects
API Mediation Layer Backlog Management
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Shobhajayanna @richard-salac