Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: gradle catalog dependencies #147

Closed
wants to merge 3 commits into from
Closed

chore: gradle catalog dependencies #147

wants to merge 3 commits into from

Conversation

skjindal93
Copy link
Contributor

No description provided.

@skjindal93 skjindal93 requested a review from a team October 21, 2022 07:50
@github-actions
Copy link
Contributor

Unit Test Results

21 files  ±0  21 suites  ±0   17s ⏱️ +2s
79 tests ±0  79 ✔️ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 2731306. ± Comparison against base commit 10375bc.

@codecov
Copy link

codecov bot commented Oct 21, 2022
edited
Loading

Codecov Report

Merging #147 (2731306) into main (1861f39) will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main     #147   +/-   ##
=========================================
  Coverage     81.45%   81.45%           
  Complexity      230      230           
=========================================
  Files            28       28           
  Lines           771      771           
  Branches         60       60           
=========================================
  Hits            628      628           
  Misses           93       93           
  Partials         50       50
Flag Coverage Δ
integration 81.45% <ø> (ø)
unit 68.22% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

aaron-steinfeld
aaron-steinfeld reviewed Oct 21, 2022
View reviewed changes
gradle/libs.versions.toml
hypertrace-documentStore = "0.7.18"

protoc = "3.21.2"
grpc = "1.48.0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
grpc = "1.48.0"
grpc = "1.50.0"

gradle/libs.versions.toml
@@ -0,0 +1,44 @@
[versions]
hypertrace-serviceFramework = "0.1.43"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

might be worth waiting for the couple pending framework prs

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, that was the plan

gradle/libs.versions.toml
hypertrace-grpcUtils = "0.9.0"
hypertrace-documentStore = "0.7.18"

protoc = "3.21.2"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is an older version with vulnerabilities. we've been using 3.21.7 (although looks like 3.21.8 is out now)

gradle/libs.versions.toml
protoc = "3.21.2"
grpc = "1.48.0"
mockito = "4.8.1"
jackson = "2.13.4.2"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: this isn't a full jackson version - jackson hotfixes are inconsistent across modules (i.e. most jackson modules don't have a 2.13.4.2, only a 2.13.4). So it works since we only use databind, but probably just want to inline this version there to avoid a mistake in the future (or rename it specifically jacksonDatabind would be fine too)

gradle/libs.versions.toml
mockito-junit = { module = "org.mockito:mockito-junit-jupiter", version.ref = "mockito" }

[bundles]
grpc-api = ["grpc-stub", "grpc-protobuf", "javax-annotation"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

grpc-bom got removed, please restore it (and if doing other repos, add it)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fuller explanation of my thinking behind using the grpc bom here - hypertrace/service-framework#56 (comment)

gradle/libs.versions.toml
typesafe-config = { module = "com.typesafe:config", version = "1.4.2" }
lombok = { module = "org.projectlombok:lombok", version = "1.18.22" }
slf4j-api = { module = "org.slf4j:slf4j-api", version = "1.7.32" }
apache-log4j-slf4jImpl = { module = "org.apache.logging.log4j:log4j-slf4j-impl", version = "2.17.1" }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you do a quick check on version numbers. I think a few of these are outdated - log4j, rxjava and lombok at least

@aaron-steinfeld
Copy link
Contributor

Can probably close this :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaron-steinfeld aaron-steinfeld aaron-steinfeld left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@skjindal93 @aaron-steinfeld