Open pnasrat opened 1 week ago
Really what needs bumping here is not the leaf deps but the spring boot version
Also I am not sure that the pombump
diff --git a/pom.xml b/pom.xml
index b44fcb6d71..1766bd7264 100755
--- a/pom.xml
+++ b/pom.xml
@@ -42,12 +42,12 @@
<jakarta.xml.bind-api.version>4.0.2</jakarta.xml.bind-api.version>
<javax.xml.bind-api.version>2.4.0-b180830.0359</javax.xml.bind-api.version>
<jaxb-runtime.version>4.0.5</jaxb-runtime.version>
- <spring-boot.version>3.2.4</spring-boot.version>
- <spring-data.version>3.2.5</spring-data.version>
- <spring-data-redis.version>3.2.5</spring-data-redis.version>
- <spring.version>6.1.6</spring.version>
- <spring-redis.version>6.2.4</spring-redis.version>
- <spring-security.version>6.2.4</spring-security.version>
+ <spring-boot.version>3.2.10</spring-boot.version>
+ <spring-data.version>3.2.10</spring-data.version>
+ <spring-data-redis.version>3.2.10</spring-data-redis.version>
+ <spring.version>6.1.12</spring.version>
+ <spring-redis.version>6.2.9</spring-redis.version>
+ <spring-security.version>6.2.6</spring-security.version>
<jedis.version>5.1.2</jedis.version>
<jjwt.version>0.12.5</jjwt.version>
<slf4j.version>2.0.13</slf4j.version>
@@ -81,7 +81,7 @@
<mail.version>2.0.1</mail.version>
<curator.version>5.6.0</curator.version>
<zookeeper.version>3.9.2</zookeeper.version>
- <protobuf.version>3.25.3</protobuf.version> <!-- A Major v4 does not support by the pubsub yet-->
+ <protobuf.version>3.25.5</protobuf.version> <!-- A Major v4 does not support by the pubsub yet-->
<grpc.version>1.63.0</grpc.version>
<tbel.version>1.2.3</tbel.version>
<lombok.version>1.18.32</lombok.version>
The pombump pipeline seems to act on the top level pom
https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/maven/pombump.yaml
pombump --patch-file ~/src/packages/wolfi-os/thingsboard/pombump-deps.yaml pom.xml > pom.xml.new
2024/10/18 20:28:24 INFO Have patch: com.nimbusds.nimbus-jose-jwt:9.37.2
2024/10/18 20:28:24 INFO Have patch: com.squareup.okio.okio:3.4.0
2024/10/18 20:28:24 INFO Have patch: org.apache.tomcat.embed.tomcat-embed-core:10.1.25
2024/10/18 20:28:24 INFO Have patch: kotlin-stdlib.kotlin-stdlib:1.4.21
2024/10/18 20:28:24 INFO Have patch: net.minidev.json-smart:2.4.9
2024/10/18 20:28:24 INFO Have patch: com.squareup.wire.wire-schema-jvm:4.9.9
2024/10/18 20:28:24 INFO Have patch: com.google.protobuf.protobuf-java:3.25.5
2024/10/18 20:28:24 INFO Have patch: org.springframework.spring-web:6.1.12
2024/10/18 20:28:24 INFO Checking DEP: org.projectlombok.lombok:
2024/10/18 20:28:24 INFO Patching DM dep org.springframework.spring-web from ${spring.version} to 6.1.12 with scope: import
2024/10/18 20:28:24 INFO Patching DM dep com.google.protobuf.protobuf-java from ${protobuf.version} to 3.25.5 with scope: import
2024/10/18 20:28:24 INFO Patching DM dep com.squareup.wire.wire-schema-jvm from ${wire-schema.version} to 4.9.9 with scope: import
2024/10/18 20:28:24 INFO Adding missing dependency: com.squareup.okio.okio:3.4.0
2024/10/18 20:28:24 INFO Adding missing dependency: org.apache.tomcat.embed.tomcat-embed-core:10.1.25
2024/10/18 20:28:24 INFO Adding missing dependency: kotlin-stdlib.kotlin-stdlib:1.4.21
2024/10/18 20:28:24 INFO Adding missing dependency: net.minidev.json-smart:2.4.9
2024/10/18 20:28:24 INFO Adding missing dependency: com.nimbusds.nimbus-jose-jwt:9.37.2
Can't attach xml file so used txt extensions before and after pom.xml.txt pom.new.xml.txt
Seen va a springboot app failing image test
Melange: https://github.com/wolfi-dev/os/blob/6d75a44d186104eec842b537973d53b3d61fa557/thingsboard.yaml Pombump: https://github.com/wolfi-dev/os/blob/6d75a44d186104eec842b537973d53b3d61fa557/thingsboard/pombump-deps.yaml
I ended up doing a comparison of
make package/thingsboard
Building without pombump correctly generates