jackson2 artifact depends on non-published jackson version

Issue #77 closed
Ken Yee created an issue

com.atlassian.adf:adf-builder-java-jackson2:0.26.0 > com.fasterxml.jackson.core:jackson-databind:2.13.4.1

Trying to follow the simple example w/o luck. This version of jackson2 doesn’t exist: https://mvnrepository.com/artifact/com.fasterxml.jackson/jackson-bom. The example could also show simple examples for using gson or markdown.

Comments (13)

  1. Ken Yee reporter

    The link to 0.30.0 shows a login prompt so it’s not publicly accessible: “The most recent version of this library can be found on packages.atlassian.com. For version 0.30.0 of the core library together with Jackson v2 support, we can use:”

  2. Chris Fuller

    Our official repository is packages.atlassian.com. If you are having trouble finding a dependency, the best answer is to add that repository to your project. There are instructions on how to do that here.

    I will generally be tracking the same version of this library that we use in Jira so that I can be relatively certain it doesn't cause binary incompatibilities with it, but I have not yet set up the appropriate infrastructure to bump versions automatically. I checked to see if the version needed to be bumped, but Jira is actually behind this version currently, so I’d prefer not to move it at this time. This particular version is available here. As of today, 0.32.0 is the current version of the adf-builder-java library and I think that you should be able to see it here. Note that this is not a 1.0.0 release, so I am not promising API stability at this point. I will at least make an effort to bump the minor version to help signal API breaks, however.

  3. Ken Yee reporter

    I’m still hitting this:

    Could not find com.fasterxml.jackson:jackson-bom:2.13.4.1.
    Searched in the following locations: 
      - https://packages.atlassian.com/mvn/maven-external/com/fasterxml/jackson/jackson-bom/2.13.4.1/jackson-bom-2.13.4.1.pom
    Required by:
        project :rico > com.atlassian.adf:adf-builder-java-jackson2:0.32.0 > com.fasterxml.jackson.core:jackson-databind:2.13.4.1
    

    What’s weird is nothing declares usage of the jackson-bom in my libs.versions.toml (it’s a gradle project).

    I’ll try using gson instead…

  4. Ken Yee reporter

    Also, it’s a bit weird to depend on an internal version of Jackson2… it should use the standard Maven artifacts…

  5. Chris Fuller

    Using internal versions is generally the result of serious security problems in the original artifact. We are not going to be compromising on security, sorry.

  6. Ken Yee reporter

    Gson works well, so I’m unblocked. Maybe that should be used for the example instead so others don’t hit this issue?

  7. Chris Fuller

    A later version may well be an acceptable answer. As I said, this is already ahead of the version used in Jira, so I’m hesitant to push forward and introduce risk of incompatibilities, but for your own project, managing the version dependency to something newer should be fine.

  8. Chris Fuller

    And yes, “gson” is simpler in many ways. I went with Jackson 2 because it has wider industry acceptance and is also the library that Atlassian prefers for its Java/Kotlin tech stacks, and I have more internal stakeholders than external ones at this stage. That said, the only thing in any of this that actually requires the use of Jackson 2 is the -schema module, and that is because the json-schema-validator library it depends on inflicts that dependency upon us. None of the other modules care.

  9. Ken Yee reporter

    Ahh... that makes sense. I didn’t realize you were using this internally. Hopefully you can just add it to your API w/ a flag to interpret the data as markdown so we don’t have to do this ourselves. Thanks for building this :-)
