Testcontainers Version Update: 1.21.3 → 2.0.4

Open Akanksha-kedia opened this issue 2 months ago • 1 comments

Detailed Changes Made

1. Root POM Configuration (pom.xml)

BEFORE:

<testcontainers.version>1.21.3</testcontainers.version>

<dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.testcontainers</groupId>
      <artifactId>testcontainers-bom</artifactId>
      <version>${testcontainers.version}</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>

AFTER:

<testcontainers.version>2.0.0</testcontainers.version>

<!-- Removed testcontainers-bom dependency completely -->

Why This Change:

  • Version Consistency: Direct version control instead of BOM management
  • Conflict Prevention: Eliminates potential version conflicts from BOM inheritance
  • Explicit Control: Each module now explicitly declares testcontainers versions
  • Security: Ensures all modules use the secure 2.0.0 version

2. Pinot Protobuf Module (pinot-plugins/pinot-input-format/pinot-protobuf/pom.xml)

BEFORE:

<dependency>
  <groupId>org.testcontainers</groupId>
  <artifactId>testcontainers</artifactId>
  <scope>test</scope>
</dependency>
<dependency>
  <groupId>org.testcontainers</groupId>
  <artifactId>kafka</artifactId>
  <scope>test</scope>
</dependency>

AFTER:

<dependency>
  <groupId>org.testcontainers</groupId>
  <artifactId>testcontainers</artifactId>
  <version>${testcontainers.version}</version>
  <scope>test</scope>
</dependency>
<dependency>
  <groupId>org.testcontainers</groupId>
  <artifactId>kafka</artifactId>
  <version>${testcontainers.version}</version>
  <scope>test</scope>
</dependency>

Why This Change:

  • Explicit Versioning: No longer relies on BOM for version resolution
  • Build Stability: Prevents Maven from selecting wrong versions
  • Security Assurance: Guarantees 2.0.0 usage for test containers

3. Pinot S3 Module (pinot-plugins/pinot-file-system/pinot-s3/pom.xml)

BEFORE:

<dependency>
  <groupId>com.adobe.testing</groupId>
  <artifactId>s3mock-testcontainers</artifactId>
  <version>${s3mock.version}</version>
  <scope>test</scope>
</dependency>

AFTER:

<dependency>
  <groupId>com.adobe.testing</groupId>
  <artifactId>s3mock-testcontainers</artifactId>
  <version>${s3mock.version}</version>
  <scope>test</scope>
  <exclusions>
    <exclusion>
      <groupId>org.testcontainers</groupId>
      <artifactId>testcontainers</artifactId>
    </exclusion>
  </exclusions>
</dependency>
<!-- Add explicit testcontainers dependency with version 2.0.0 -->
<dependency>
  <groupId>org.testcontainers</groupId>
  <artifactId>testcontainers</artifactId>
  <version>${testcontainers.version}</version>
  <scope>test</scope>
</dependency>

Why This Change:

  • Transitive Dependency Control: s3mock-testcontainers was pulling in old testcontainers 1.21.3
  • Security Critical: This was the main source of the security vulnerability
  • Dependency Hygiene: Explicit exclusion + inclusion pattern ensures correct version usage
  • Compatibility: Maintains s3mock functionality while upgrading security

Akanksha-kedia avatar Dec 17 '25 13:12 Akanksha-kedia
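One way to check the claim above that a transitive path still resolves an older Testcontainers release is to scan `mvn dependency:tree` output for `org.testcontainers` artifacts that differ from the expected version. This is an added example, not part of the pull request; the function name and the sample output are constructed, and only the module names, artifact names and the versions 1.21.3 and 2.0.0 come from the page.

```python
import re

# Constructed `mvn dependency:tree` output. Module and artifact names come from
# the page; every version except 1.21.3 and 2.0.0 is a placeholder.
SAMPLE_TREE = r"""
[INFO] --- dependency:0.0.0:tree (default-cli) @ pinot-s3 ---
[INFO] org.apache.pinot:pinot-s3:jar:0.0.0-EXAMPLE
[INFO] +- com.adobe.testing:s3mock-testcontainers:jar:0.0.0-EXAMPLE:test
[INFO] |  \- org.testcontainers:testcontainers:jar:1.21.3:test
[INFO] \- org.testng:testng:jar:0.0.0-EXAMPLE:test
[INFO] --- dependency:0.0.0:tree (default-cli) @ pinot-protobuf ---
[INFO] org.apache.pinot:pinot-protobuf:jar:0.0.0-EXAMPLE
[INFO] +- org.testcontainers:testcontainers:jar:2.0.0:test
[INFO] \- org.testcontainers:kafka:jar:2.0.0:test
"""

MODULE_RE = re.compile(r"@ (\S+) ---\s*$")                 # "... @ <module> ---"
NODE_RE = re.compile(r"^\[INFO\] ([|+\\ -]*)(\S+)\s*$")    # tree prefix + coordinates


def find_mismatches(tree_text, expected, group="org.testcontainers"):
    """Return (module, artifact, version, introduced_by) for each resolved
    artifact of `group` whose version is not `expected`."""
    findings, module, stack = [], None, []
    for line in tree_text.splitlines():
        header = MODULE_RE.search(line)
        if header:
            module, stack = header.group(1), []
            continue
        node = NODE_RE.match(line)
        if not node:
            continue
        parts = node.group(2).split(":")
        if len(parts) < 4:                  # separator or status line, not coordinates
            continue
        depth = len(node.group(1)) // 3     # each tree level is a 3-character prefix
        del stack[depth:]
        stack.append(f"{parts[0]}:{parts[1]}")
        if depth == 0:                      # the module's own coordinates
            continue
        version = parts[-2]                 # group:artifact:type[:classifier]:version:scope
        if parts[0] == group and version != expected:
            via = stack[1] if depth > 1 else "(direct)"
            findings.append((module, parts[1], version, via))
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_TREE, "2.0.0"):
        print("%s: %s %s via %s" % finding)
```

Run against the real build by piping `mvn dependency:tree` into a file and passing its contents in; an empty result means no module resolves a different version.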

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 55.68%. Comparing base (2eeecc5) to head (6fbf256). :white_check_mark: All tests successful. No failed tests found.

:exclamation: There is a different number of reports uploaded between BASE (2eeecc5) and HEAD (6fbf256).

HEAD has 20 uploads less than BASE
Flag BASE (2eeecc5) HEAD (6fbf256)
java-21 2 1
unittests 3 2
temurin 7 2
java-11 5 1
integration 4 0
integration2 2 0
unittests2 1 0
integration1 1 0
custom-integration1 1 0
Additional details and impacted files
@@             Coverage Diff              @@
##             master   #17394      +/-   ##
============================================
- Coverage     63.30%   55.68%   -7.63%     
+ Complexity     1474      703     -771     
============================================
  Files          3155     2464     -691     
  Lines        188119   139165   -48954     
  Branches      28792    22179    -6613     
============================================
- Hits         119088    77490   -41598     
+ Misses        59800    55163    -4637     
+ Partials       9231     6512    -2719     
Flag Coverage Δ
custom-integration1 ?
integration ?
integration1 ?
integration2 ?
java-11 55.62% <ø> (-7.66%) :arrow_down:
java-21 55.65% <ø> (+0.03%) :arrow_up:
temurin 55.68% <ø> (-7.63%) :arrow_down:
unittests 55.68% <ø> (-7.62%) :arrow_down:
unittests1 55.68% <ø> (+0.02%) :arrow_up:
unittests2 ?

codecov-commenter avatar Dec 18 '25 09:12 codecov-commenter