Core-Common dependency management cleanup and optimization
Description:
Issue: #1
- Heavy dependencies were replaced with shallow ones.
- For Spring dependencies, the scope was changed to `provided`. This means that Core-Common consumers will define Spring dependencies by themselves (which is already happening).
- All dependencies were bumped up.
- Unused dependencies were removed.
- The dependency management section was cleaned.
- Added Maven dependency plugin to simplify dependency maintenance.
Replacements:
- `spring-boot-starter-validation` -> `hibernate-validator`, `spring-boot-autoconfigure`
- `spring-boot-starter-web` -> `spring-web`
- `swagger-jaxrs` -> `swagger-models`
`mvn dependency:analyze` report:
Before fix:
[WARNING] Unused declared dependencies found:
[WARNING] org.springframework.boot:spring-boot-starter-web:jar:3.2.2:compile
[WARNING] org.springframework.boot:spring-boot-starter-validation:jar:3.2.2:compile
[WARNING] org.springframework:spring-webmvc:jar:6.1.3:compile
[WARNING] jakarta.servlet:jakarta.servlet-api:jar:6.1.0-M1:provided
[WARNING] com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.14.1:compile
[WARNING] com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.14.1:compile
[WARNING] io.swagger:swagger-jaxrs:jar:1.5.22:compile
[WARNING] org.mockito:mockito-inline:jar:5.2.0:test
After fix:
[WARNING] Unused declared dependencies found:
[WARNING] io.jsonwebtoken:jjwt:jar:0.12.5:compile
[WARNING] io.swagger:swagger-models:jar:1.6.14:compile
[WARNING] org.mockito:mockito-inline:jar:5.2.0:test
How to test:
Changes were tested via integration tests of Storage and Entitlements services:
Changes include:
- Refactor (a non-breaking change that improves code maintainability).
- Bugfix (a non-breaking change that solves an issue).
- New feature (a non-breaking change that adds functionality).
- Breaking change (a change that is not backward-compatible and/or changes current functionality).
Changes in:
- Common code
Dev Checklist:
- Added Unit Tests, wherever applicable.
- Updated the Readme, if applicable.
- Existing Tests pass
- Verified functionality locally
- Self Reviewed my code for formatting and complex business logic.
Other comments:
I was trying to upgrade all dependencies at once, but `biz.paluch.redis.lettuce`
<dependency>
<groupId>biz.paluch.redis</groupId>
<artifactId>lettuce</artifactId>
<version>${lettuce.version}</version>
</dependency>
requires changing the dependency group id to `io.lettuce`, as `biz.paluch.redis.lettuce` is not supported anymore.
<dependency>
<groupId>io.lettuce</groupId>
<artifactId>lettuce-core</artifactId>
<version>6.3.2.RELEASE</version>
</dependency>
This causes issues in consumer services and could increase impact.
Changes are not complex; imports need to be changed from `com.lambdaworks.redis` to `io.lettuce`.
But this will add overhead: anyone who is going to upgrade core-common should be aware of that change.
So `lettuce` was not upgraded, but it is worth doing so, if everyone agrees.
The current version is outdated and contains a lot of vulnerable dependencies.
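The before/after `mvn dependency:analyze` reports above can be compared mechanically, which shows a reviewer exactly which unused declarations a change removed and which it newly introduced. The following is an added example, not part of the merge request or the project's code; the function names `parse_report` and `diff_unused` are hypothetical, and the report text is copied from this description.

```python
import re

# Section header, e.g. "[WARNING] Unused declared dependencies found:"
SECTION = re.compile(r"^\[WARNING\]\s+(?P<name>.+) found:\s*$")
# Coordinate line: group:artifact:type[:classifier]:version:scope
COORD = re.compile(r"^\[WARNING\]\s+(?P<coord>[^\s:]+(?::[^\s:]+){4,5})\s*$")

# Reports copied from the description above.
BEFORE = """\
[WARNING] Unused declared dependencies found:
[WARNING] org.springframework.boot:spring-boot-starter-web:jar:3.2.2:compile
[WARNING] org.springframework.boot:spring-boot-starter-validation:jar:3.2.2:compile
[WARNING] org.springframework:spring-webmvc:jar:6.1.3:compile
[WARNING] jakarta.servlet:jakarta.servlet-api:jar:6.1.0-M1:provided
[WARNING] com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.14.1:compile
[WARNING] com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.14.1:compile
[WARNING] io.swagger:swagger-jaxrs:jar:1.5.22:compile
[WARNING] org.mockito:mockito-inline:jar:5.2.0:test
"""
AFTER = """\
[WARNING] Unused declared dependencies found:
[WARNING] io.jsonwebtoken:jjwt:jar:0.12.5:compile
[WARNING] io.swagger:swagger-models:jar:1.6.14:compile
[WARNING] org.mockito:mockito-inline:jar:5.2.0:test
"""

def parse_report(text):
    """Return {section name: {"group:artifact": (version, scope)}}."""
    sections, current = {}, None
    for line in text.splitlines():
        header, coord = SECTION.match(line.strip()), COORD.match(line.strip())
        if header:
            current = sections.setdefault(header.group("name"), {})
        elif coord and current is not None:
            parts = coord.group("coord").split(":")
            current[":".join(parts[:2])] = (parts[-2], parts[-1])
        elif not coord:
            current = None  # any other log line closes the section
    return sections

def diff_unused(before, after, section="Unused declared dependencies"):
    """Compare one report section between two runs, ignoring versions."""
    old = parse_report(before).get(section, {})
    new = parse_report(after).get(section, {})
    return {"removed": sorted(old.keys() - new.keys()),
            "added": sorted(new.keys() - old.keys()),
            "kept": sorted(old.keys() & new.keys())}
```

The `added` list is the part to review. `dependency:analyze` works on bytecode, so a dependency used only at runtime or through reflection can still be reported as unused.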