Looks good to me (and tapestry-security). Ready when you are. Kalle
[INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 24.836 s [INFO] Finished at: 2024-10-31T22:53:51+02:00 [INFO] ------------------------------------------------------------------------ kaosko@kaosko-x1:~/code/tapestry-security$ git add . kaosko@kaosko-x1:~/code/tapestry-security$ git commit -m "Update to tapestry 5.9.0-preview and jakarta.servlet 4.0.4" [master ac9901e] Update to tapestry 5.9.0-preview and jakarta.servlet 4.0.4 1 file changed, 4 insertions(+), 4 deletions(-) On Thu, Oct 10, 2024 at 7:17 AM D Tim Cummings <t...@triptera.com.au.invalid> wrote: > Thanks for working on the jakarta release. I am really looking forward > to it. I thought I would try out the new quickstart to see how it performs. > > mvn archetype:generate \ > -DinteractiveMode=false \ > -DarchetypeGroupId=org.apache.tapestry \ > -DarchetypeArtifactId=quickstart \ > -DarchetypeVersion=5.9.0-preview-2 \ > -DgroupId=com.example.quickstart \ > -DartifactId=tap590 \ > -Dversion=1.0-SNAPSHOT \ > -Dpackage=com.example.quickstart.tap590 > > cd tap590 > > mvn jetty:run > > > *ISSUE 1*: Caused by: java.lang.ClassNotFoundException: > javax.servlet.Filter > > *FIX 1*: Realised that I needed to change the artifactIds in pom.xml > > tapestry-core => tapestry-core-jakarta > > tapestry-webresources => tapestry-webresources-jakarta > > Now the app would run http://localhost:8080 > > > *ISSUE 2*: Lots of classes scanned from multiple locations. > > For example > > [WARNING] com.google.common.annotations.Beta scanned from multiple > locations: > jar:file:///home/user/.m2/repository/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar!/com/google/common/annotations/Beta.class, > > > jar:file:///home/user/.m2/repository/com/google/javascript/closure-compiler-unshaded/v20220502/closure-compiler-unshaded-v20220502.jar!/com/google/common/annotations/Beta.class > > *FIX 2*: Removing tapestry-webresources-jakarta from the pom.xml > eliminated all of these warnings. I don't know what the fix is if you > want to keep tapestry-webresources-jakarta in the pom. > > > *ISSUE 3*: The POM for > org.apache.maven.plugins:maven-surefire-plugin:jar:3.1 is missing, no > dependency information available > > *FIX 3*: I think this is a typo in pom.xml. Should be > > <maven-surefire-version>3.5.1</maven-surefire-version> > > > *ISSUE 4*: Red Hat Overview of security issues identified 5 high > vulnerabilities and 5 medium vulnerabilities, all to do with > com.fasterxml.jackson.dataformat:jackson-dataformat-yaml 2.13.1 and > com.fasterxml.jackson.core:jackson-databind 2.13.1. > > *FIX 4*: pom.xml. Upgrading jackson-version to 2.18.0 solved the problem > > <jackson-version>2.18.0</jackson-version> > > While upgrading, the following dependencies could also be upgraded. > (from `mvn versions:display-dependency-updates`) > > <junit-version>5.11.2</junit-version> > <yasson-version>3.0.4</yasson-version> > > > *ISSUE 5*: [ERROR] Project requires an incorrect minimum version of > Maven. (as highlighted by `mvn versions:display-plugin-updates`) > > *FIX 5*: pom.xml update maven-enforcer-plugin version and required maven > version > > <plugin> > <groupId>org.apache.maven.plugins</groupId> > <artifactId>maven-enforcer-plugin</artifactId> > <version>*3.5.0*</version> > <executions> > <execution> > <id>enforce-maven</id> > <goals> > <goal>enforce</goal> > </goals> > <configuration> > <rules> > <requireMavenVersion> > <version>*3.6.3*</version> > </requireMavenVersion> > </rules> > </configuration> > </execution> > </executions> > </plugin> > > While upgrading plugins, could also upgrade to the following versions > > <maven-compiler-version>3.13.0</maven-compiler-version> > <maven-war-version>3.4.0</maven-war-version> > > > *ISSUE 6*: src/main/webapp/WEB-INF/web.xml uses old namespaces linked to > javaee > > <web-app xmlns="https://xmlns.jcp.org/xml/ns/javaee"; > xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="https://xmlns.jcp.org/xml/ns/javaee > https://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"; > version="3.1"> > > *FIX 6*: should be > > <web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee > https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd"; > version="5.0"> > > > *ISSUE 7*: Jetty 12 now available > > *FIX 7*: pom.xml update the new version in properties and update the plugin > > <maven-jetty-version>12.0.14</maven-jetty-version> > > <plugin> > <groupId>org.eclipse.jetty.ee9</groupId> > <artifactId>jetty-ee9-maven-plugin</artifactId> > <version>${maven-jetty-version}</version> > <configuration> > <webApp> > <contextPath>/</contextPath> > </webApp> > <scan>10</scan> > <httpConnector> > <port>8080</port> > </httpConnector> > </configuration> > </plugin> > > > Regards > > Tim > > On 19/9/24 23:41, Thiago H. de Paula Figueiredo wrote: > > Hello, Tapestry community! > > > > Apache Tapestry 5.9.0-preview-2 was released. Notice the '-preview' in > the > > version name. It's the second one using 2 parallel branches to support > both > > jakarta.servlet and javax.servlet, so consider this as a public beta so > > people can test it and we can troubleshoot before the proper 5.9.0 > release. > > > > Notice the jakarta.servlet-using artifacts are all of the Tapestry > > artifacts except Plastic, Commons, BeanModel, genericsresolver-guava and > > Quickstart have the '-jakarta' suffix for backward compatibility reasons. > > For example, the dependency on the jakarta.servlet tapestry-core version > > would be this in Maven: > > <dependency> > > <groupId>org.apache.tapestry</groupId> > > <artifactId>tapestry-core*-jakarta*</artifactId> > > <version>5.9.0-preview</version> > > <scope>compile</scope> > > </dependency> > > > > Fixed issues: > > 1) The list of suffixed artifacts was expanded. For example, > > tapestry-upload isn't usable with the javax.servlet Tapestry version. > > 2) As noticed by Dmitry Gusev (thanks!), tapestry-jpa needed to have a > > suffixed version and also upgraded dependencies, since the current one > > still uses the javax.servlet packages. > > 3) A number of artifacts was still using dependencies with > javax.something > > classes which have corresponding jakarta.something ones, something that > > could cause problems when running in servlet containers implementing the > > latest Servlet API versions. These dependencies have been upgraded. > > > > Please post here any issues you find. > > > > Happy testing! > > > > Cheers! > >
