Jandex version changed in patch version 2.6.1, breaking existing build processes

[Adelrisk]

The jandex version has changed from version 2.6.0 to 2.6.1, which may lead to an org.jboss.jandex.UnsupportedVersion when the jandex file is processed.

To reproduce:

# Create a server application with quarkus
quarkus create app org.acme:smallrye-mutiny-jandex-reproducer -extension='rest'
cd smallrye-mutiny-jandex-reproducer
# Add dependency to the pom.xml
#    <dependency>
#   <groupId>io.smallrye.reactive</groupId>
#   <artifactId>mutiny</artifactId>
#   <version>2.6.1</version>
 #   </dependency>
# Run the test
./mvnw test
# or the application
./mvnw quarkus:dev

Also available here: https://github.com/Adelrisk/smallry-mutiny-jandex-version-reproducer

This produces the error:

Runtime java.lang.RuntimeException: io.quarkus.builder.BuildException: Build failure: Build failed due to errors
        [error]: Build step io.quarkus.deployment.index.ApplicationArchiveBuildStep#build threw an exception: org.jboss.jandex.UnsupportedVersion: Can't read Jandex index from /META-INF/jandex.idx: Can't read index version 12; this IndexReader only supports index versions 2-3,6-11
        at io.quarkus.deployment.index.IndexingUtil$MetaInfJandexReader.apply(IndexingUtil.java:299)

I believe this behaviour counts as a breaking change, which I would not expect when only the patch of the semantic version changes.

The simple solution is to keep using version 2.6.0 if your application does not yet have the latest/relevant jandex support.

Unfortunately, our gradle dependency management had targeted the version 2.6.+, so this blew up overnight for every developer on our current project, without us changing a thing.

[jponge]

Quarkus hasn't been released with 2.6.1 yet. In fact the pull-request to integrate 2.6.1 into Quarkus hasn't been merged yet.

/cc @Ladicek

[Ladicek]

If Mutiny upgraded from Jandex 3.1 to Jandex 3.2, then indeed the index cannot be read by older Jandex versions. This is described in the Jandex compatibility promise: https://smallrye.io/jandex/jandex/3.2.0/index.html#compatibility_promise

At the same time, as @jponge says, I don't think you should manage Mutiny version yourself -- by default, you should stick to what Quarkus comes up with.

[Adelrisk]

Let me address every well-meant suggestion, I shouldn't need this dependency or I should be doing things differently or better .... there are real-world problems that lead to justify decisions that lead us here. Such as when I develop non-quarkus libraries that happen to be consumed by quarkus services, and I also choose to use non-quarkus-libraries (specificially "io.smallrye.reactive:mutiny-kotlin") in these non-quarkus libraries. In the real world, these dependencies must be managed.

And in an ideal world, a patch shouldn't lead to any breaking changes.

[jponge]

I still recommend that you stick to 2.6.0 then.

2.6.1 is binary compatible with 2.6.0, Jandex is metadata and we don't consider it as part of semantic versioning requirements (but I do hear your point). Given the list of changes in https://github.com/smallrye/smallrye-mutiny/releases/tag/2.6.1 I don't think anything in 2.6.1 will be missed by sticking to 2.6.0.

And if you have some internal / private requirements that we can't fix upstream you can always build your own Mutiny release with and older Jandex, and publish it to some private registry. Since you seem to manually enforce different version alignments than what Quarkus does in your projects, this sounds like something you might want to do.