-
Notifications
You must be signed in to change notification settings - Fork 486
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bump google.library.version to 26.30.0 #10186
Conversation
This comment has been minimized.
This comment has been minimized.
@donsizemore - QDR switched to using the libraries-bom, which I think is smaller. See https://github.com/QualitativeDataRepository/dataverse/blob/888503e5c248930fe9770073376cd75edfeee822/modules/dataverse-parent/pom.xml#L42-L48 and https://github.com/QualitativeDataRepository/dataverse/blob/888503e5c248930fe9770073376cd75edfeee822/modules/dataverse-parent/pom.xml#L156. Would that make sense here w.r.t. security? (I think we only use this in the Google Archiver and that works with the latest libraries-bom version (26.28.0)). |
I think this makes perfect sense. I'll update my branch - thank you. |
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Note I've only tested up to v 26.28.0 so far (29 came out yesterday!). Before this is merged I can test 29 @ QDR (unless someone wants to setup a Google Archiver).
@donsizemore - care to bump this to 26.30.0 before QA? It came out the 17th. |
@qqmyers done! |
This comment has been minimized.
This comment has been minimized.
QDR is running this in production. |
This test failed in the last Jenkins run on this PR: |
It did just bomb with the same test failure. Could still be something not specific to this pr - but it appears to be passing in develop branch as of this morning: https://jenkins.dataverse.org/job/IQSS-dataverse-develop/ |
📦 Pushed preview images as
🚢 See on GHCR. Use by referencing with full name as printed above, mind the registry name. |
Thank you @donsizemore and @qqmyers. |
What this PR does / why we need it:
Switches to the latest version of a more focused bom as a way to address the issue. See the changed file.
Which issue(s) this PR closes:
dataverse-security #75
Special notes for your reviewer:
None
Suggestions on how to test this:
test Google Cloud preservation workflow. Unless IQSS wants to set up for this, @qqmyers can tested it at QDR (where v26.28 of the library has already been tested. Beyond that, general regression testing is needed.
Does this PR introduce a user interface change? If mockups are available, please link/include them here:
No
Is there a release notes update needed for this change?:
No
Additional documentation:
None