Fix bannedDependencies failure for jackson-module-scala in Cosmos Spark POMs#49261
Closed
jeet1995 wants to merge 1 commit into
Closed
Fix bannedDependencies failure for jackson-module-scala in Cosmos Spark POMs#49261jeet1995 wants to merge 1 commit into
jeet1995 wants to merge 1 commit into
Conversation
The update_versions.py script's regex (external_dependency_version_regex)
only matches values inside <version>...</version> XML elements. Custom
Maven property tags like <scala-jackson.version> were silently skipped
despite having valid {x-version-update} comments, leaving the enforcer
allowlist stale after the Jackson 2.18.6 -> 2.18.7 bump (PR #49180).
This fix eliminates the scala-jackson.version property indirection
entirely and replaces all usages with explicit versions and standard
{x-version-update}/{x-include-update} tags — the same pattern used by
all other Jackson modules in these POMs.
Changes:
- Remove scala-jackson.version property from spark_3, spark_3-5,
spark_3-5_2-12, and spark_4 parent POMs
- Replace enforcer <include> entries with hardcoded [2.18.7] +
{x-include-update} tags (spark_3/pom.xml)
- Replace dependency <version> elements with explicit 2.18.7 +
{x-version-update} tags (spark_3-5, spark_4)
Fixes the bannedDependencies CI failure blocking PRs #49095 and #49258.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes Cosmos Spark Maven Enforcer bannedDependencies failures by removing the scala-jackson.version property indirection (which update_versions.py doesn’t update) and replacing it with explicit jackson-module-scala versions and standard {x-version-update} / {x-include-update} metadata so future Jackson bumps remain consistent.
Changes:
- Removed the
scala-jackson.versionMaven property from Cosmos Spark parent POMs. - Hardcoded
jackson-module-scalaversions to2.18.7with standard{x-version-update}tags in Spark parent POMs. - Updated
maven-enforcer-pluginallowlist entries to explicitly allowjackson-module-scala2.18.7for both Scala 2.12 and 2.13.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| sdk/cosmos/azure-cosmos-spark_4/pom.xml | Removes scala-jackson.version and hardcodes jackson-module-scala version (but has a metadata mismatch to fix). |
| sdk/cosmos/azure-cosmos-spark_3/pom.xml | Replaces enforcer allowlist entries to explicitly allow jackson-module-scala_2.12/_2.13 at 2.18.7. |
| sdk/cosmos/azure-cosmos-spark_3-5/pom.xml | Removes scala-jackson.version and hardcodes jackson-module-scala version with {x-version-update}. |
| sdk/cosmos/azure-cosmos-spark_3-5_2-12/pom.xml | Removes scala-jackson.version property from the module POM. |
| <groupId>com.fasterxml.jackson.module</groupId> | ||
| <artifactId>jackson-module-scala_${scala.binary.version}</artifactId> | ||
| <version>${scala-jackson.version}</version> | ||
| <version>2.18.7</version> <!-- {x-version-update;com.fasterxml.jackson.module:jackson-module-scala_2.12;external_dependency} --> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
After the Jackson 2.18.6 to 2.18.7 dependency bump in PR #49180, the maven-enforcer-plugin bannedDependencies rule in azure-cosmos-spark_3/pom.xml rejects jackson-module-scala 2.18.7 as banned. This blocks all PRs that trigger Cosmos Spark builds (e.g., #49095, #49258).
Root Cause
The Spark parent POM used a custom Maven property
<scala-jackson.version>for the jackson-module-scala version. While this property had a valid{x-version-update}comment, the update_versions.py script's regex (external_dependency_version_regexineng/versioning/utils.py) only matches values inside<version>...</version>XML elements -- not custom property tags like<scala-jackson.version>...</scala-jackson.version>.When PR #49180 ran update_versions.py, it:
<version>tags (afterburner, dataformat-xml, databind) to 2.18.7{x-include-update}enforcer entries to [2.18.7]<scala-jackson.version>property (left at 2.18.6)Result: The enforcer allowlist permits only [2.18.6] for jackson-module-scala, but Maven resolves 2.18.7 -- banned.
Fix
Eliminate the
scala-jackson.versionproperty indirection entirely and replace all usages with explicit versions + standard{x-version-update}/{x-include-update}tags -- the same pattern used by all other Jackson modules in these POMs.Changes (4 files, net -4 lines):
<scala-jackson.version>property from spark_3, spark_3-5, spark_3-5_2-12, and spark_4 parent POMs<include>entries with hardcoded [2.18.7] +{x-include-update}tags (spark_3/pom.xml)<version>elements with explicit 2.18.7 +{x-version-update}tags (spark_3-5, spark_4)Future update_versions.py runs will update these versions correctly since they now use standard
<version>tags.Note
The underlying tooling limitation (
external_dependency_version_regexineng/versioning/utils.pyline 30 only matching<version>tags) will be addressed in a separate eng-sys PR.