Release 2.0.10 uses SNAPSHOT dependencies
Hi, is it ok that release 2.0.10 uses snapshots from transitive dep swagger-parser 1.0.43?
[INFO] +- io.swagger.parser.v3:swagger-parser:jar:2.0.10:compile
[INFO] | +- io.swagger.parser.v3:swagger-parser-v2-converter:jar:2.0.10:compile
[INFO] | | +- io.swagger:swagger-parser:jar:1.0.43:compile
[INFO] | | | \- io.swagger:swagger-core:jar:1.5.23-SNAPSHOT:compile
[INFO] | | | \- io.swagger:swagger-models:jar:1.5.23-SNAPSHOT:compile
[INFO] | | | \- io.swagger:swagger-annotations:jar:1.5.23-SNAPSHOT:compile
[INFO] | | +- io.swagger:swagger-compat-spec-parser:jar:1.0.43:compile
[INFO] | | | +- com.github.java-json-tools:json-schema-validator:jar:2.2.8:compile
[INFO] | | | | +- com.github.java-json-tools:json-schema-core:jar:1.2.8:compile
[INFO] | | | | | +- org.mozilla:rhino:jar:1.7R4:compile
[INFO] | | | | | \- com.github.fge:uri-template:jar:0.9:compile
[INFO] | | | | +- javax.mail:mailapi:jar:1.4.3:compile
[INFO] | | | | | \- javax.activation:activation:jar:1.1:compile
[INFO] | | | | +- joda-time:joda-time:jar:2.9.7:compile
[INFO] | | | | +- com.googlecode.libphonenumber:libphonenumber:jar:8.0.0:compile
[INFO] | | | | \- net.sf.jopt-simple:jopt-simple:jar:5.0.3:compile
[INFO] | | | +- com.github.fge:json-patch:jar:1.6:compile
[INFO] | | | | \- com.github.fge:jackson-coreutils:jar:1.6:compile
[INFO] | | | | \- com.github.fge:msg-simple:jar:1.1:compile
[INFO] | | | | \- com.github.fge:btf:jar:1.2:compile
[INFO] | | | \- org.apache.httpcomponents:httpclient:jar:4.5.2:compile
[INFO] | | | +- org.apache.httpcomponents:httpcore:jar:4.4.4:compile
[INFO] | | | +- commons-logging:commons-logging:jar:1.2:compile
[INFO] | | | \- commons-codec:commons-codec:jar:1.9:compile
[INFO] | | +- io.swagger.core.v3:swagger-models:jar:2.0.7:compile
[INFO] | | \- io.swagger.parser.v3:swagger-parser-core:jar:2.0.10:compile
[INFO] | +- io.swagger.parser.v3:swagger-parser-v3:jar:2.0.10:compile
[INFO] | | \- io.swagger.core.v3:swagger-core:jar:2.0.7:compile
[INFO] | | +- javax.xml.bind:jaxb-api:jar:2.3.0:compile
[INFO] | | +- io.swagger.core.v3:swagger-annotations:jar:2.0.7:compile
[INFO] | | \- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] | +- org.slf4j:slf4j-ext:jar:1.6.3:compile
[INFO] | | \- ch.qos.cal10n:cal10n-api:jar:0.7.4:compile
[INFO] | \- commons-io:commons-io:jar:2.4:compile
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:5 (4 by maintainers)
Thanks @slinkydeveloper for spotting and reporting, and @jmini for the PRs; no snapshot dep should have made it to release, enforcer was planned but unfortunately not yet applied, so thanks again and please use 1.0.44 / 2.0.11 being released in the next hours.
To prevent situations like this in the future, I propose to let Maven fail if a release is built with some SNAPSHOT versions in the dependency tree:
master branch: https://github.com/swagger-api/swagger-parser/pull/1056
v1 branch: https://github.com/swagger-api/swagger-parser/pull/1057
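A consumer-side check for the situation reported in this issue, as an added example (not code from swagger-parser or from the linked PRs): it parses `mvn dependency:tree` output and, when the root artifact is a release, reports every SNAPSHOT dependency with the chain that pulls it in. The sample tree is constructed from coordinates in the issue with assumed nesting; the root `com.example:consumer` and all function names are assumptions.

```python
import re

# Constructed sample of `mvn dependency:tree` output (coordinates from the issue,
# nesting and the com.example root are assumptions).
SAMPLE_TREE = r"""
[INFO] com.example:consumer:jar:1.0.0
[INFO] +- io.swagger.parser.v3:swagger-parser:jar:2.0.10:compile
[INFO] |  +- io.swagger.parser.v3:swagger-parser-v2-converter:jar:2.0.10:compile
[INFO] |  |  +- io.swagger:swagger-parser:jar:1.0.43:compile
[INFO] |  |  |  \- io.swagger:swagger-core:jar:1.5.23-SNAPSHOT:compile
[INFO] |  |  |     \- io.swagger:swagger-models:jar:1.5.23-SNAPSHOT:compile
[INFO] |  |  |        \- io.swagger:swagger-annotations:jar:1.5.23-SNAPSHOT:compile
[INFO] |  |  \- io.swagger.core.v3:swagger-models:jar:2.0.7:compile
[INFO] |  \- commons-io:commons-io:jar:2.4:compile
"""

# Tree prefix is built from 3-character units: "|  ", "   ", "+- ", "\- ".
LINE = re.compile(r"^\[INFO\] (?P<prefix>(?:[| ] {2}|[+\\]- )*)"
                  r"(?P<coord>[^\s:]+(?::[^\s:]+){3,5})(?: .*)?$")
SCOPES = {"compile", "runtime", "test", "provided", "system", "import"}

def parse_tree(text):
    """Yield (depth, coordinate, version) for every artifact line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, summary or blank line
        parts = m.group("coord").split(":")
        # Dependencies end in a scope; the root artifact ends in its version.
        version = parts[-2] if parts[-1] in SCOPES else parts[-1]
        yield len(m.group("prefix")) // 3, m.group("coord"), version

def snapshot_chains(text):
    """For each SNAPSHOT artifact, return the path from the root down to it."""
    stack, chains = [], []
    for depth, coord, version in parse_tree(text):
        del stack[depth:]          # drop siblings and deeper entries
        stack.append(coord)
        if version.endswith("-SNAPSHOT"):
            chains.append(list(stack))
    return chains

def release_gate(text):
    """Return 1 if a release root has SNAPSHOT dependencies, else 0."""
    entries = list(parse_tree(text))
    if not entries:
        raise ValueError("no dependency tree found in input")
    if entries[0][2].endswith("-SNAPSHOT"):
        return 0                   # snapshot builds may use snapshot deps
    return 1 if snapshot_chains(text) else 0

if __name__ == "__main__":
    for chain in snapshot_chains(SAMPLE_TREE):
        print(" -> ".join(chain))
    raise SystemExit(release_gate(SAMPLE_TREE))
```

In CI the same functions can be fed the captured output of `mvn dependency:tree` instead of the embedded sample, with the return value of `release_gate` used as the job's exit status.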