maestro icon indicating copy to clipboard operation
maestro copied to clipboard

Published 20 hours ago verified publisher icon mobile-dev-inc

Update dependencies

Open NyCodeGHG opened this issue 10 months ago • 1 comments

Proposed Changes

This PR updates all dependencies to their latest versions. A few dependencies such as ktor and logback had vulnerabilites before (also see #1720) It also raises the build and runtime JDK requirements, as the Android Gradle Plugin requires running gradle with Java 17 and targeting Java 11. The Android APK Parser libraries used in maestro now also require at least Java 11 at runtime.

I also cherry-picked eec3de088f6384c46171530f6b57dc48a3c29277 as the warning which existed with Gradle 7, is now a hard error in Gradle 8.

Testing

Ran the android advanced flow on an emulator.

Issues Fixed

NyCodeGHG avatar Apr 23 '24 11:04 NyCodeGHG

Worth updating the GitHub Action too, so that you get the checks to ✅ ?

Fishbowler avatar May 17 '24 15:05 Fishbowler

Hey @NyCodeGHG Could you please get the newest changes from main that were merged and update this PR ?

lucaswiechmann avatar May 29 '24 15:05 lucaswiechmann

@lucaswiechmann done!

NyCodeGHG avatar Jun 03 '24 14:06 NyCodeGHG

Hey @NyCodeGHG thanks for that. Also, could you please check and fix the github actions?

Follow some details:

> Task :maestro-orchestra:compileTestKotlin
w: file:///home/runner/work/maestro/maestro/maestro-orchestra/src/test/java/maestro/orchestra/MaestroCommandSerializationTest.kt:57:13 'TapOnPointCommand' is deprecated. Use TapOnPointV2Command instead
w: file:///home/runner/work/maestro/maestro/maestro-orchestra/src/test/java/maestro/orchestra/MaestroCommandSerializationTest.kt:214:13 'AssertCommand' is deprecated. Use AssertConditionCommand instead
w: file:///home/runner/work/maestro/maestro/maestro-orchestra/src/test/java/maestro/orchestra/workspace/WorkspaceExecutionPlannerErrorsTest.kt:42:14 Parameter 'testCaseName' is never used

> Task :maestro-studio:server:compileJava NO-SOURCE
> Task :maestro-studio:server:classes
> Task :maestro-studio:server:jar
> Task :maestro-orchestra:compileTestJava NO-SOURCE
> Task :maestro-orchestra:testClasses
e: file:///home/runner/work/maestro/maestro/maestro-test/src/test/kotlin/maestro/test/IntegrationTest.kt:3059:33 Overload resolution ambiguity: 
public final fun isAtMost(other: Long?): Unit defined in com.google.common.truth.LongSubject
public final fun isAtMost(other: Int): Unit defined in com.google.common.truth.LongSubject

> Task :maestro-test:compileTestKotlin FAILED

> Task :maestro-orchestra:test

> Task :maestro-cli:compileKotlin
w: file:///home/runner/work/maestro/maestro/maestro-cli/src/main/java/maestro/cli/api/ApiClient.kt:352:60 Unchecked cast: Any? to Map<String, Any>
w: file:///home/runner/work/maestro/maestro/maestro-cli/src/main/java/maestro/cli/report/HtmlTestSuiteReporter.kt:120:15 'script(String? = ..., String? = ..., String = ...): Unit' is deprecated. This tag doesn't support content or requires unsafe (try unsafe {})
w: file:///home/runner/work/maestro/maestro/maestro-cli/src/main/java/maestro/cli/runner/TestRunner.kt:100:29 Variable 'cachedAppState' is never used

FAILURE: Build failed with an exception.

* What went wrong:

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

lucaswiechmann avatar Jun 05 '24 17:06 lucaswiechmann

Hey @NyCodeGHG

This PR updates all dependencies to their latest versions.

Could you explain a little more the motivation to update all of those dependencies to their latest version?

A few dependencies such as ktor and logback had vulnerabilites before

Have you noticed other vulnerabilities other than the ones merged on this another PR ? If so, my suggestion is to update only the dependencies that has vulnerabilities.

More context: these changes could affect many people which are already using maestro today, besides that this brings major changes on how we manage our cloud internally, which we would need to test very careful before deciding to go ahead with this PR.

lucaswiechmann avatar Jun 06 '24 19:06 lucaswiechmann

Could you explain a little more the motivation to update all of those dependencies to their latest version?

It's good practice to keep your dependencies up to date, so it's easier to update when a vulnerability gets public. If your on the latest version it's usually just a patch release, but if you're (possibly multiple) major or minor versions behind, it could be a lot more work to update

Have you noticed other vulnerabilities other than the ones merged on this another https://github.com/mobile-dev-inc/maestro/pull/1720?

no

major changes on how we manage our cloud internally

i'm not sure i see the major change? the java version is probably the biggest update but other than that

NyCodeGHG avatar Jun 07 '24 11:06 NyCodeGHG