chore(deps): update dependency org.kohsuke.metainf-services:metainf-services to v1.9 #4649

Merged

renovate[bot]
Contributor

@renovate renovate bot commented Mar 24, 2022

WhiteSource Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| org.kohsuke.metainf-services:metainf-services | 1.8 -> 1.9 | age | adoption | passing | confidence |

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/org.kohsuke.metainf-services-metainf-services-1.x branch from 9801ac9 to db82b1e Compare March 29, 2022 08:32
@MartinWitt
Collaborator

@monperrus there is a bug with depclean, and I added the dependency as ignored for depclean. But we can only ignore exact versions. For every new version of this dependency, we need to change it. Do you know the authors and can you report them the problem?

@monperrus
Collaborator

ping @cesarsotovalero this CI failure seems to uncover a bug in depclean. Would you have a look at this? Thanks!

@cesarsotovalero
Contributor

Hi @MartinWitt,

The dependency org.kohsuke.metainf-services:metainf-services version 1.8 is ignored by DepClean in this project, see https://github.com/INRIA/spoon/blob/master/pom.xml#L301.
You have to explicitly declare the version of the dependency to be ignored by DepClean.
I'll release a new version of DepClean soon which will provide more flexibility for dependency exclusions.
For the moment, you just need to change the version to 1.9 here and it should work well.

@monperrus
Collaborator

Can we use a version wildcard in the ignoreDependencies tag, such as <ignoreDependencies>org.kohsuke.metainf-services:metainf-services:*:test</ignoreDependencies>?

@cesarsotovalero
Contributor

cesarsotovalero commented Mar 31, 2022

Hi @monperrus,

> can we use a version wildcard in the ignoreDependencies tag, such as <ignoreDependencies>org.kohsuke.metainf-services:metainf-services:*:test</ignoreDependencies>?

This feature is not available at the moment.
I've opened a related issue that will be addressed in the coming release of DepClean, see ASSERT-KTH/depclean#118

@MartinWitt
Collaborator

Hi @cesarsotovalero

The bug is that we have to ignore the dependency. Normally, depclean should detect this dependency as used. Metainf-services is even present in the source code with its MetaInfServices annotation.

@cesarsotovalero
Contributor

Hi @MartinWitt,

> The bug is that we have to ignore the dependency. Normally, depclean should detect this dependency as used. Metainf-services is even present in the source code with its MetaInfServices annotation.

Where exactly is the MetaInfServices annotation located in the source code of Spoon?

@MartinWitt
Collaborator

@cesarsotovalero
Contributor

cesarsotovalero commented Apr 1, 2022

Hi @MartinWitt,

I've investigated this issue. The MetaInfServices annotation from the dependency org.kohsuke.metainf-services is implemented with RetentionPolicy.SOURCE, see here. This means that the annotation is only available in the source code, and not in the .class files or at runtime.

The DepClean analysis is based on the information in the compiled .class files (bytecode). Therefore, DepClean doesn't detect this dependency as used because this usage information is not in the bytecode of Spoon.

One way to fix this issue is implementing additional static source code analysis in DepClean to catch these types of usages, but this is computationally expensive, AFAIK. So far the simplest way is to exclude the dependency from the analysis. If you know another way to catch this usage, please open an Issue and PR in the DepClean repo.

DepClean uses ASM for bytecode analysis, see related SO question: https://stackoverflow.com/questions/63465374/how-to-visit-annotation-inside-method-in-asm
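
The retention behaviour described in the comment above, as an added example that is not part of the thread and is not DepClean or Spoon code: it compiles a class carrying one `RetentionPolicy.SOURCE` annotation and one `RetentionPolicy.CLASS` annotation, then checks which annotation type is still referenced in the resulting `.class` file, which is all a bytecode-based dependency analysis can see. The names `SrcOnly`, `InClass` and `Impl` are hypothetical, and a JDK (not only a JRE) is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.tools.JavaCompiler;
import javax.tools.ToolProvider;

// Added illustration; SrcOnly, InClass and Impl are hypothetical names.
public class RetentionDemo {

    // Compiles Impl, annotated with both annotations, and reports whether each
    // annotation's type descriptor survives in Impl.class.
    static boolean[] descriptorsInBytecode() throws Exception {
        Path dir = Files.createTempDirectory("retention-demo");
        String[] names = {"SrcOnly", "InClass", "Impl"};
        String[] sources = {
            // Same retention as MetaInfServices: dropped by the compiler.
            "import java.lang.annotation.*;\n"
                + "@Retention(RetentionPolicy.SOURCE) public @interface SrcOnly {}\n",
            // Control case: CLASS retention is written into the class file.
            "import java.lang.annotation.*;\n"
                + "@Retention(RetentionPolicy.CLASS) public @interface InClass {}\n",
            "@SrcOnly @InClass public class Impl {}\n"
        };
        String[] javacArgs = new String[names.length + 2];
        javacArgs[0] = "-d";
        javacArgs[1] = dir.toString();
        for (int i = 0; i < names.length; i++) {
            Path file = dir.resolve(names[i] + ".java");
            Files.write(file, sources[i].getBytes(StandardCharsets.UTF_8));
            javacArgs[i + 2] = file.toString();
        }
        JavaCompiler javac = ToolProvider.getSystemJavaCompiler(); // null on a JRE
        if (javac == null || javac.run(null, null, null, javacArgs) != 0) {
            throw new IllegalStateException("JDK compiler unavailable or compilation failed");
        }
        // ISO-8859-1 maps bytes 1:1 to chars, so ASCII constant-pool entries are searchable.
        String classFile = new String(
            Files.readAllBytes(dir.resolve("Impl.class")), StandardCharsets.ISO_8859_1);
        return new boolean[] {classFile.contains("LSrcOnly;"), classFile.contains("LInClass;")};
    }

    public static void main(String[] args) throws Exception {
        boolean[] found = descriptorsInBytecode();
        System.out.println("SOURCE-retained annotation referenced in Impl.class: " + found[0]);
        System.out.println("CLASS-retained annotation referenced in Impl.class:  " + found[1]);
    }
}
```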

@MartinWitt
Collaborator

Hi @cesarsotovalero

Thank you for your investigation. This really seems like a limitation you can't solve as a byte code analysis tool. You could add this special case to your documentation to help other projects with the same problem.

@MartinWitt MartinWitt merged commit 9a43cd9 into master Apr 11, 2022
@MartinWitt MartinWitt deleted the renovate/org.kohsuke.metainf-services-metainf-services-1.x branch April 11, 2022 10:31