Feature/cleanup - Githubissues

auth0 / java-jwt

Java implementation of JSON Web Token (JWT)

MIT License

5.84k stars 921 forks source link

Feature/cleanup #642

Closed CodeDead closed 1 year ago

CodeDead commented 1 year ago

Changes

GIT compliance for some files (missing new line)
Simpler HashMap declaration in code
Replaced usage of deprecated JsonMapper methods
Removed unneeded null check when using instanceof (because if the value is null, it will return false in the instanceof check)
Removed unused imports

References

None.

Testing

[ ] This change adds test coverage
[X] This change has been tested on the latest version of Java

Checklist

[X] I have read the Auth0 general contribution guidelines
[X] I have read the Auth0 Code of Conduct
[X] All existing and new tests complete without errors

jdubjdub commented 1 year ago

this JsonMapper builder pattern usage (instead of the deprecated configure method) breaks anyone using jackson prior to 2.13 :(

CodeDead commented 1 year ago

this JsonMapper builder pattern usage (instead of the deprecated configure method) breaks anyone using jackson prior to 2.10 :(

Any reason to continue using 4+ year old dependencies? Why not upgrade?

jdubjdub commented 1 year ago

enterprise software :D

CodeDead commented 1 year ago

enterprise software :D

In that case, why not use an older version of java-jwt as well? Why upgrade one but not the other dependencies?

Can't really expect current and up-to-date software not to keep up with the times. But, fortunately, the older versions of java-jwt are still available on mavenCentral.

jdubjdub commented 1 year ago

that's what i'm doing, but this seems like a fairly aggressive upgrade, understanding that the mapper.configure method was only actually deprecated as of jackson 2.13

CodeDead commented 1 year ago

that's what i'm doing, but this seems like a fairly aggressive upgrade, understanding that the mapper.configure method was only actually deprecated as of jackson 2.13

Jackson 2.13 is 2 years old and even the JDK release schedule is on a 6 month basis. Spring updates and deprecates and removes methods with almost every release, which also happens every 6 months.

Not really sure why this would be considered fairly aggressive or even problematic since you can continue to use older versions of the library until you upgrade the required dependencies.

Other tools, frameworks and libraries are much more maintenance heavy when compared to java-jwt, including the JDK itself.

Waiting 1 or 2 years to replace a deprecated method is fairly acceptable in my opinion for a library that is updated on a continuous basis (https://github.com/auth0/java-jwt/pull/657)