Bump mongodb5.version from 4.11.2 to 4.11.3 #2816

dependabot · 2024-08-09T10:42:48Z

Bumps mongodb5.version from 4.11.2 to 4.11.3.
Updates org.mongodb:bson from 4.11.2 to 4.11.3

Commits

1335948 Version: bump 4.11.3
55a3498 Connection String (#1467)
720c322 Kotlin: Updated driver metadata (#1461)
a0add9c Added Bson-Kotlin Array Codec (#1457)
3fc18bf Ensure Sink.contextView is propagated
d988c37 Fix bson-kotlinx encodeNullableSerializableValue null handling (#1453)
f339684 Fix getCodec of matching type argument bug (#1339)
1aafa7a Enhance KotlinSerializer with value codecs for widening primitive conversion....
9c73aee Ported tests from bson-kotlinx to bson-kotlin (#1434)
11a4f92 JAVA-5342 Fix encoding generics with nullable type parameters (#1317)
Additional commits viewable in compare view

Updates org.mongodb:mongodb-driver-core from 4.11.2 to 4.11.3

Commits

1335948 Version: bump 4.11.3
55a3498 Connection String (#1467)
720c322 Kotlin: Updated driver metadata (#1461)
a0add9c Added Bson-Kotlin Array Codec (#1457)
3fc18bf Ensure Sink.contextView is propagated
d988c37 Fix bson-kotlinx encodeNullableSerializableValue null handling (#1453)
f339684 Fix getCodec of matching type argument bug (#1339)
1aafa7a Enhance KotlinSerializer with value codecs for widening primitive conversion....
9c73aee Ported tests from bson-kotlinx to bson-kotlin (#1434)
11a4f92 JAVA-5342 Fix encoding generics with nullable type parameters (#1317)
Additional commits viewable in compare view

Updates org.mongodb:mongodb-driver-legacy from 4.11.2 to 4.11.3

Commits

1335948 Version: bump 4.11.3
55a3498 Connection String (#1467)
720c322 Kotlin: Updated driver metadata (#1461)
a0add9c Added Bson-Kotlin Array Codec (#1457)
3fc18bf Ensure Sink.contextView is propagated
d988c37 Fix bson-kotlinx encodeNullableSerializableValue null handling (#1453)
f339684 Fix getCodec of matching type argument bug (#1339)
1aafa7a Enhance KotlinSerializer with value codecs for widening primitive conversion....
9c73aee Ported tests from bson-kotlinx to bson-kotlin (#1434)
11a4f92 JAVA-5342 Fix encoding generics with nullable type parameters (#1317)
Additional commits viewable in compare view

Updates org.mongodb:mongodb-driver-sync from 4.11.2 to 4.11.3

Commits

1335948 Version: bump 4.11.3
55a3498 Connection String (#1467)
720c322 Kotlin: Updated driver metadata (#1461)
a0add9c Added Bson-Kotlin Array Codec (#1457)
3fc18bf Ensure Sink.contextView is propagated
d988c37 Fix bson-kotlinx encodeNullableSerializableValue null handling (#1453)
f339684 Fix getCodec of matching type argument bug (#1339)
1aafa7a Enhance KotlinSerializer with value codecs for widening primitive conversion....
9c73aee Ported tests from bson-kotlinx to bson-kotlin (#1434)
11a4f92 JAVA-5342 Fix encoding generics with nullable type parameters (#1317)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `mongodb5.version` from 4.11.2 to 4.11.3. Updates `org.mongodb:bson` from 4.11.2 to 4.11.3 - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r4.11.2...r4.11.3) Updates `org.mongodb:mongodb-driver-core` from 4.11.2 to 4.11.3 - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r4.11.2...r4.11.3) Updates `org.mongodb:mongodb-driver-legacy` from 4.11.2 to 4.11.3 - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r4.11.2...r4.11.3) Updates `org.mongodb:mongodb-driver-sync` from 4.11.2 to 4.11.3 - [Release notes](https://github.com/mongodb/mongo-java-driver/releases) - [Commits](mongodb/mongo-java-driver@r4.11.2...r4.11.3) --- updated-dependencies: - dependency-name: org.mongodb:bson dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.mongodb:mongodb-driver-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.mongodb:mongodb-driver-legacy dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.mongodb:mongodb-driver-sync dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

ppkarwasz · 2024-08-09T10:53:30Z

Something is wrong with this PR.

dependabot · 2024-08-09T10:53:32Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

vy · 2024-08-09T11:12:39Z

@ppkarwasz, don't we need to configure dependabot to update MongoDB 4 and 5 versions in isolation? Can we achieve this using multiple dependabot.yaml entries containing updates.ignored blocks differentiated with directory property pointing to the associated module? (Version properties need to be moved from the parent to the associated module.)

I guess we need this for SLF4J 1 and 2 too, don't we?

ppkarwasz · 2024-08-09T11:33:24Z

We have an ignore entry to prevent Dependabot from applying major updates:

logging-log4j2/.github/dependabot.yaml

Lines 118 to 121 in 404ac48

    
           # MongoDB 3.x should only upgrade to 3.x and 
        
           # MongoDB 4.x should only upgrade to 4.x 
        
           - dependency-name: "org.mongodb:*" 
        
             update-types: [ "version-update:semver-major" ]

We can try adding a separate Dependabot execution for log4j-slf4j-impl and log4j-mongodb4.

vy · 2024-08-09T11:54:50Z

We have an ignore entry to prevent Dependabot from applying major updates:

logging-log4j2/.github/dependabot.yaml

Lines 118 to 121 in 404ac48

# MongoDB 3.x should only upgrade to 3.x and

# MongoDB 4.x should only upgrade to 4.x

- dependency-name: "org.mongodb:*"

update-types: [ "version-update:semver-major" ]

Yes, I am aware of this. But, I have the impression that, instructing dependabot to ignore major updates does not stop it from attempting to update 5.0.1 to 4.11.3, when 1) we have both MongoDB 4 and 5 dependencies and 2) 4.11.3 is freshly released.

That is the reason I think we should

Move version properties, of dependencies that we support multiple major versions, to their dedicated modules
Create dedicated dependabot updates.ignored entries differentiated with directory

ppkarwasz · 2024-08-09T12:25:36Z

I tried to apply a fix in f398ac5. Let us see what happens.

ppkarwasz · 2024-08-09T12:27:27Z

Apparently it worked #2822, thanks.

ppkarwasz · 2024-08-09T12:37:20Z

I spoke too soon. In this PR #2825 Dependabot tries to update the POM for log4j-slf4j-impl, although it has a separate run for log4j-slf4j-impl and log4j-mongodb4.

vy · 2024-08-09T12:52:02Z

@ppkarwasz, shouldn't we

Ignore all SLF4J and MongoDB updates in the generic dependabot.yaml block
Pin SLF4J 2 updates to 2.x.x

dependabot bot added dependencies Related to third party dependency updates or migrations java Pull requests that update Java code labels Aug 9, 2024

ppkarwasz closed this Aug 9, 2024

dependabot bot deleted the dependabot/maven/2.x/mongodb5.version-4.11.3 branch August 9, 2024 10:53

github-actions bot pushed a commit that referenced this pull request Aug 9, 2024

Update org.mongodb:bson to version 4.11.3 (#2816)

6526f17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Bump mongodb5.version from 4.11.2 to 4.11.3 #2816

Bump mongodb5.version from 4.11.2 to 4.11.3 #2816

Uh oh!

dependabot bot commented on behalf of github Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

dependabot bot commented on behalf of github Aug 9, 2024

Uh oh!

vy commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

vy commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

vy commented Aug 9, 2024

Uh oh!

Uh oh!

Uh oh!

Bump mongodb5.version from 4.11.2 to 4.11.3 #2816

Bump mongodb5.version from 4.11.2 to 4.11.3 #2816

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

dependabot bot commented on behalf of github Aug 9, 2024

Uh oh!

vy commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

vy commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

ppkarwasz commented Aug 9, 2024

Uh oh!

vy commented Aug 9, 2024

Uh oh!

Uh oh!