JinwooHwang opened a new pull request, #7943:
URL: https://github.com/apache/geode/pull/7943

   ## Overview
   This PR upgrades the Apache Commons IO library from version 2.15.1 to 2.18.0 to benefit from the latest security fixes, bug fixes, and improvements.
   
   ## Motivation
   - **Security**: Ensure the project uses the latest version with all security patches
   - **Stability**: Benefit from bug fixes and improvements in newer releases
   - **Maintenance**: Keep dependencies up-to-date to reduce technical debt
   
   ## Changes
   This PR updates the commons-io dependency across the following files:
   
   ### Core Dependency Management
   - `build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy`
     - Updated `commons-io.version` from `2.15.1` to `2.18.0`
   
   ### Test Resources
   - `boms/geode-all-bom/src/test/resources/expected-pom.xml`
     - Updated expected commons-io version in BOM test
   
   ### Integration Test Resources
   - `geode-assembly/src/integrationTest/resources/assembly_content.txt`
     - Updated JAR reference: `commons-io-2.15.1.jar` → `commons-io-2.18.0.jar`
   - `geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt`
     - Updated classpath entry for commons-io
   - `geode-server-all/src/integrationTest/resources/dependency_classpath.txt`
     - Updated classpath entry for commons-io
   
   ## Testing
   All tests and build validations have been successfully completed:
   
   ### ✅ Unit Tests
   ```bash
   ./gradlew test
   ```
   - **Status**: PASSED
   - **Duration**: 6m 24s
   - **Tasks**: 244 actionable tasks (71 executed, 173 up-to-date)
   
   ### ✅ Build Validation
   ```bash
   ./gradlew clean build
   ```
   - **Status**: PASSED
   - **Duration**: 3m 45s
   - **Tasks**: 625 actionable tasks (575 executed, 15 from cache, 35 up-to-date)
   
   
   All quality gates passed:
   - ✅ Code formatting (spotlessCheck)
   - ✅ License compliance (rat)
   - ✅ POM validation (checkPom)
   - ✅ Dependency resolution
   - ✅ Static analysis (pmdMain)
   - ✅ Javadoc generation
   
   ## Compatibility
   - **Backward Compatibility**: This is a minor version upgrade (2.15.1 → 2.18.0) within the same major version, maintaining API compatibility
   - **Java Version**: Compatible with the project's Java 17 requirement
   - **Breaking Changes**: None expected
   
   ## Release Notes Excerpt
   Commons IO 2.18.0 includes:
   - Security improvements and vulnerability fixes
   - Bug fixes for file operations
   - Performance improvements
   - Enhanced error handling
   
   ## Checklist
   - [x] Updated dependency version in DependencyConstraints.groovy
   - [x] Updated all test resource files with new version
   - [x] All unit tests pass
   - [x] Build completes successfully
   - [x] All quality checks pass (spotlessCheck, rat, checkPom, pmdMain)
   - [x] No breaking changes introduced
   - [x] Commit message follows project conventions
   
   ## Additional Notes
   This upgrade is part of ongoing dependency maintenance to ensure the Apache Geode project remains secure and up-to-date with the latest stable releases of its dependencies.
   
   
   
   ### For all changes, please confirm:
   - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
   - [x] Has your PR been rebased against the latest commit within the target branch (typically `develop`)?
   - [x] Is your initial contribution a single, squashed commit?
   - [x] Does `gradlew build` run cleanly?
   - [ ] Have you written or updated unit tests to verify your changes?
   - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
   

