search

TBD54566975 / web5-kt

Apache License 2.0
7 stars 9 forks source link

Enforce `2.17` for `com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.12.6:compile` #323

Closed mistermoe closed 1 week ago

mistermoe commented 1 week ago

The parent BOM POM of our web5 project specifies Jackson version 2.17. However, in web5-crypto, there's a transitive dependency on com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.12.6, which comes through aws-java-sdk-kms. We need to align this and enforce Jackson version 2.17 across all Jackson dependencies to maintain consistency.

[INFO]
[INFO] --- dependency:3.6.1:tree (default-cli) @ web5-crypto ---
[INFO] xyz.block:web5-crypto:jar:0.0.0-main-SNAPSHOT
[INFO] +- xyz.block:web5-common:jar:0.0.0-main-SNAPSHOT:compile
[INFO] +- xyz.block:web5-testing:jar:0.0.0-main-SNAPSHOT:test
[INFO] +- com.nimbusds:nimbus-jose-jwt:jar:9.37.2:compile
[INFO] |  \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] +- com.amazonaws:aws-java-sdk-kms:jar:1.12.668:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-core:jar:1.12.668:compile
[INFO] |  |  +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |  |  +- commons-codec:commons-codec:jar:1.15:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] |  |  +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.12.6:compile
[INFO] |  |  \- joda-time:joda-time:jar:2.8.1:compile
[INFO] |  \- com.amazonaws:jmespath-java:jar:1.12.668:compile
[INFO] +- com.fasterxml.jackson.module:jackson-module-kotlin:jar:2.17.0:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.17.0:compile
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.17.0:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.17.0:compile
[INFO] |  \- org.jetbrains.kotlin:kotlin-reflect:jar:1.9.22:compile
[INFO] +- com.google.crypto.tink:tink:jar:1.10.0:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.10.1:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.18.0:compile
[INFO] |  \- com.google.protobuf:protobuf-java:jar:3.19.6:compile
[INFO] +- org.bouncycastle:bcprov-jdk15to18:jar:1.78:compile
[INFO] +- org.bouncycastle:bcpkix-jdk15to18:jar:1.78:compile
[INFO] |  \- org.bouncycastle:bcutil-jdk15to18:jar:1.78:compile
[INFO] +- org.assertj:assertj-core:jar:3.25.2:test
[INFO] |  \- net.bytebuddy:byte-buddy:jar:1.14.11:compile
[INFO] +- org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.22:compile
[INFO] |  \- org.jetbrains:annotations:jar:13.0:compile
[INFO] +- org.jetbrains.kotlin:kotlin-test:jar:1.9.22:test
[INFO] +- org.jetbrains.kotlin:kotlin-test-junit5:jar:1.9.22:test
[INFO] +- org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test
[INFO] |  +- org.opentest4j:opentest4j:jar:1.3.0:test
[INFO] |  +- org.junit.platform:junit-platform-commons:jar:1.10.1:test
[INFO] |  \- org.apiguardian:apiguardian-api:jar:1.1.2:test
[INFO] \- org.junit.jupiter:junit-jupiter-engine:jar:5.10.1:test
[INFO]    \- org.junit.platform:junit-platform-engine:jar:1.10.1:test
ALRubinger commented 1 week ago

Discovered in doing this issue we needed this alignment for both jackson-dataformat-cbor and jackson-dataformat-yaml @mistermoe

PR in #326.