Conversation

@rgrunber
Contributor

  • Update Apache Commons IO from 2.11.0 to 2.19.0

java-debug is a bundle contributed into the JDT-LS runtime. This means that it has no control over any dependencies it does not contribute into the runtime itself (all of them). So when java-debug defines a target platform with dependencies that don't reference the same ones JDT-LS does, it is masking any potential runtime problems. This is the same issue we ran into on LSP4MP / quarkus-ls. The project will compile just fine and fail at runtime because the target platform is not reflective of runtime.

The solution is to reference the exact bundles JDT-LS is using (i.e. the latest ones), at https://download.eclipse.org/jdtls/snapshots/repository/latest/plugins/ .

  • Need to verify this by running it but it compiles and tests seem to run just fine.

- Update Apache Commons IO from 2.11.0 to 2.19.0

Signed-off-by: Roland Grunberg <rgrunber@redhat.com>
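The point of the description above is that a target platform which pins different bundle versions than the runtime it is deployed into hides version drift: the build compiles against one version of a library and then runs against another, so a vulnerable runtime version can sit behind a clean compile. The following is an added example, not code from the java-debug or JDT-LS projects, of the check a maintainer would run to catch that drift offline: it parses the `<unit>` entries of an Eclipse `.target` file and compares them with the `<id>_<version>.jar` names in a runtime `plugins` directory. The `.target` fragment, the jar listing, and the `example.invalid` repository URL are constructed sample data; the bundle ids and versions are illustrative and do not reproduce the project's real target file.

```python
"""Compare bundle versions pinned in an Eclipse .target file against the
bundles actually present in a runtime plugins directory.

Added example for illustration; not part of java-debug or JDT-LS.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample .target fragment (ids and versions are illustrative).
SAMPLE_TARGET = """<target name="java-debug-sample">
  <locations>
    <location type="InstallableUnit" includeAllPlatforms="false">
      <unit id="org.apache.commons.commons-io" version="2.11.0"/>
      <unit id="org.eclipse.jdt.core" version="3.40.0.v20250101-0000"/>
      <unit id="com.google.gson" version="2.11.0"/>
      <repository location="https://example.invalid/updates"/>
    </location>
  </locations>
</target>
"""

# Constructed sample listing of a runtime plugins directory (jar file names),
# standing in for the output of `ls <jdtls>/plugins`.
SAMPLE_RUNTIME_PLUGINS = [
    "org.apache.commons.commons-io_2.19.0.jar",
    "org.eclipse.jdt.core_3.40.0.v20250101-0000.jar",
    "com.google.gson_2.11.0.jar",
    "org.eclipse.lsp4j_0.23.1.jar",
]

# Eclipse plugin jars are named <bundle-id>_<version>.jar; the bundle id
# itself is assumed not to contain an underscore.
JAR_RE = re.compile(r"^(?P<id>[^_]+)_(?P<version>.+)\.jar$")


def parse_target(xml_text):
    """Return {bundle_id: version} for every <unit> element in a .target file."""
    root = ET.fromstring(xml_text)
    return {u.get("id"): u.get("version") for u in root.iter("unit") if u.get("id")}


def parse_runtime(jar_names):
    """Return {bundle_id: version} from a list of '<id>_<version>.jar' names."""
    found = {}
    for name in jar_names:
        m = JAR_RE.match(name)
        if m:
            found[m.group("id")] = m.group("version")
    return found


def compare(target, runtime):
    """Return sorted (bundle_id, target_version, runtime_version) tuples for
    every pinned bundle whose runtime version differs or which is missing
    from the runtime (runtime_version is None in that case)."""
    problems = []
    for bundle_id, target_version in target.items():
        runtime_version = runtime.get(bundle_id)
        if runtime_version != target_version:
            problems.append((bundle_id, target_version, runtime_version))
    return sorted(problems)


def report(xml_text, jar_names):
    """Human-readable summary of the drift between target and runtime."""
    drift = compare(parse_target(xml_text), parse_runtime(jar_names))
    if not drift:
        return "target platform matches runtime"
    lines = ["target platform does not reflect runtime:"]
    for bundle_id, tv, rv in drift:
        lines.append(f"  {bundle_id}: target={tv} runtime={rv or 'absent'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_TARGET, SAMPLE_RUNTIME_PLUGINS))
```

Running the script on the constructed data reports that `org.apache.commons.commons-io` is pinned at 2.11.0 in the target while the runtime ships 2.19.0, which is exactly the kind of mismatch this pull request removes by pointing the target platform at the JDT-LS snapshot repository; a bundle pinned in the target but absent from the runtime is reported as `absent`, since that case would also compile and then fail at runtime.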
Contributor

@testforstephen testforstephen left a comment


LGTM. Thanks for the contribution.

@testforstephen testforstephen merged commit b98d493 into microsoft:main Apr 17, 2025
4 checks passed
@rgrunber rgrunber deleted the update-tp branch April 17, 2025 12:24
@svor

svor commented Apr 17, 2025

Hi! 👋
@rgrunber thanks for upgrading the Apache Commons IO library; the old version contains a high-severity CVE problem.

@testforstephen Since this patch is important for the OpenShift Dev Spaces product and directly affects our delivery timeline, could I please ask for a new release of java-debug and vscode-java-debug with this change included? It would really help us move forward and integrate the fix promptly.

@testforstephen
Contributor

@svor sure, I will do some testing tomorrow. If everything is fine, I will trigger a release for this.
