I just discovered that after a renovate bot update three weeks ago from pdfbox-3.0.0 to pdfbox-3.0.1 our builds are still green but no tests are executed at all. This means we were blind for about 3 weeks because of an automerged bugfix release.
We are not using TestNG but Junit provided by Spring Boot version 3.X. The tests are not failing but simply skipped and reported as passed. This leaves us in a false assumption of safety. Gilis workaround for TestNG works for in our case too. But in my mind this is a major incident and should be fixed asap. Cheers, Christian On 2023/12/04 17:55:58 Gili Tzabari wrote: > For anyone else using TestNG for unit tests, you'll need to explicitly > exclude JUnit until this is fixed; otherwise, Surefire will refuse to > use TestNG. > > org.apache.pdfbox pdfbox 3.0.1 org.junit.jupiter junit-jupiter > > Gili > > On 2023-12-03 20:47, Dan Rabe wrote: > > Great, thank you! We’ll look forward to seeing this in the next release! > > > > --Dan > > > > From: Andreas Lehmkühler > > Date: Sunday, December 3, 2023 at 1:58 PM > > To:users@pdfbox.apache.org > > Subject: [External Sender] Re: PDFBox 3.0.1 compile dependency on > > junit-jupiter > > solved, see [1] for further details. > > > > Andreas > > > > [1]https://urldefense.com/v3/__https://issues.apache.org/jira/browse/PDFBOX-5722__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0AYxMorg$ > > > > Am 02.12.23 um 09:05 schrieb Andreas Lehmkühler: > >> Hi, > >> > >> Am 01.12.23 um 17:14 schrieb Dan Rabe: > >>> It looks like a compile dependency on junit-jupiter snuck into the > >>> 3.0.1 release. > >>> > >>> If I look at the maven page for 3.0.0 at > >>> https://urldefense.com/v3/__https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox/3.0.0__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0IYlyu3Q$ > >>> , > >>> junit-jupiter is listed as a test dependency. > >>> If I look at the maven page for 3.0.1 at > >>> https://urldefense.com/v3/__https://mvnrepository.com/artifact/org.apache.pdfbox/pdfbox/3.0.1__;!!Iz9xO38YGHZK!86ddyxmB45umUPT5RruBNFFOHrj4DuhHNvfFoJ0V1eQuJhQo9dtUS41wP9sKfM2mKCyhfjyTwkVcb52L0Bp0SxKX$ > >>> , > >>> junit-jupiter is listed as a compile dependency. > >>> > >>> As a result, the war file that I build would contain the junit > >>> libraries. I’m assuming it’s a mistake of some sort that it got > >>> reclassified as “compile” rather than “test”? > >> Your assumption is correct, it's a mistake. It was introduce with > >> PDFBOX-5699 which rearranged some parts of the maven build. My bad :-( > >> > >> I'm going to fix that and doublecheck all the other components. > >> > >> Thanks for the report > >> > >> Andreas > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail:users-unsubscr...@pdfbox.apache.org > >> For additional commands, e-mail:users-h...@pdfbox.apache.org > >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail:users-unsubscr...@pdfbox.apache.org > > For additional commands, e-mail:users-h...@pdfbox.apache.org > >
