search

openrewrite / rewrite-python

OpenRewrite recipes for Python.
Apache License 2.0
12 stars 5 forks source link

Adopt guava:32.1.1-jre #60

Closed timtebeek closed 1 year ago

timtebeek commented 1 year ago

What's changed?

Switch from guava:31.1-jre to guava:32.1.1-jre.

What's your motivation?

In response to transitive dependency vulnerability reported on rewrite-maven-plugin. This is the last reported vulnerability after several other fixes yesterday; having zero reduces the noise.

Anything in particular you'd like reviewers to focus on?

Was there any particular reason we stuck to the older version?

Have you considered any alternatives or workarounds?

We could not bump it, and ignore the medium reported vulnerability.

Any additional context

None provided in the weekly vulnerability report.

timtebeek commented 1 year ago

Hmm; a curious failure at first glance unrelated:

AssignTest > assignmentOp(String) > [2] op=- FAILED
    java.lang.AssertionError: Failed to parse sources or run recipe
        at org.openrewrite.test.RewriteTest.lambda$defaultExecutionContext$10(RewriteTest.java:539)
        at org.openrewrite.test.RewriteTest$$Lambda$471/0x0000000801233298.accept(Unknown Source)
        at org.openrewrite.python.PythonParser.lambda$parseInputs$1(PythonParser.java:79)
        at org.openrewrite.python.PythonParser$$Lambda$478/0x0000000801235290.apply(Unknown Source)
        at org.openrewrite.test.RewriteTest.rewriteRun(RewriteTest.java:256)
        at org.openrewrite.test.RewriteTest.rewriteRun(RewriteTest.java:130)
        at org.openrewrite.test.RewriteTest.rewriteRun(RewriteTest.java:125)
        at org.openrewrite.python.tree.AssignTest.assignmentOp(AssignTest.java:55)

        Caused by:
        java.lang.NoClassDefFoundError: com/intellij/diagnostic/ActivityImpl
            at com.intellij.diagnostic.StartUpMeasurer.addCompletedActivity(StartUpMeasurer.java:143)
            at com.intellij.diagnostic.StartUpMeasurer.addCompletedActivity(StartUpMeasurer.java:120)
            at com.intellij.openapi.extensions.impl.ExtensionPointImpl.processAdapters(ExtensionPointImpl.java:433)
            at com.intellij.openapi.extensions.impl.ExtensionPointImpl.computeExtensionList(ExtensionPointImpl.java:249)
            at com.intellij.openapi.extensions.impl.ExtensionPointImpl.getExtensionList(ExtensionPointImpl.java:243)
            at com.intellij.openapi.extensions.ExtensionPointName.getExtensionList(ExtensionPointName.kt:43)
            at com.jetbrains.python.PythonDialectsTokenSetProvider.orSets(PythonDialectsTokenSetProvider.java:93)
            at com.jetbrains.python.PythonDialectsTokenSetProvider.lambda$getTokenSet$0(PythonDialectsTokenSetProvider.java:88)
            at com.jetbrains.python.PythonDialectsTokenSetProvider$$Lambda$539/0x00000008012d6448.apply(Unknown Source)
            at com.jetbrains.python.PythonDialectsTokenSetProvider.getTokenSet(PythonDialectsTokenSetProvider.java:88)
            at com.jetbrains.python.PythonDialectsTokenSetProvider.getUnbalancedBracesRecoveryTokens(PythonDialectsTokenSetProvider.java:72)
            at com.jetbrains.python.lexer.PythonIndentingProcessor.<init>(PythonIndentingProcessor.java:50)
            at com.jetbrains.python.lexer.PythonIndentingLexer.<init>(PythonIndentingLexer.java:17)
            at com.jetbrains.python.lexer.PythonIndentingLexer.<init>(PythonIndentingLexer.java:13)
            at com.jetbrains.python.PythonParserDefinition.createLexer(PythonParserDefinition.java:29)
            at com.jetbrains.python.psi.PyFileElementType.parseContents(PyFileElementType.java:86)
            at com.intellij.psi.impl.source.tree.LazyParseableElement.lambda$ensureParsed$2(LazyParseableElement.java:185)
            at com.intellij.psi.impl.source.tree.LazyParseableElement$$Lambda$535/0x00000008012cd288.run(Unknown Source)
            at com.intellij.psi.impl.DebugUtil.performPsiModification(DebugUtil.java:481)
            at com.intellij.psi.impl.source.tree.LazyParseableElement.ensureParsed(LazyParseableElement.java:184)
            at com.intellij.psi.impl.source.tree.LazyParseableElement.getFirstChildNode(LazyParseableElement.java:236)
            at com.intellij.psi.impl.source.tree.LazyParseableElement.getFirstChildNode(LazyParseableElement.java:25)
            at org.openrewrite.python.internal.PsiPythonMapper$BlockContext.root(PsiPythonMapper.java:78)
            at org.openrewrite.python.internal.PsiPythonMapper.mapFile(PsiPythonMapper.java:125)
            at org.openrewrite.python.internal.PsiPythonMapper.mapSource(PsiPythonMapper.java:111)
            at org.openrewrite.python.PythonParser.lambda$parseInputs$1(PythonParser.java:75)
            ... 5 more

            Caused by:
            java.lang.ClassNotFoundException: com.intellij.diagnostic.ActivityImpl
                at com.intellij.diagnostic.StartUpMeasurer.addCompletedActivity(StartUpMeasurer.java:143)
                ... 30 more