tinkerpop icon indicating copy to clipboard operation
tinkerpop copied to clipboard
verified publisher icon apache

Only include STJ on net standard

Open thompson-tomo opened this issue 8 months ago • 8 comments

This PR adjusts the inclusion of System.Text.Json so that it is only included on net standard and not for the newer frameworks ie net 6.

The benefit is that it reduces the risk of conflicts which has occurred with other libraries, enables quicker remediation to CVE'S in STJ when end application deployed being dependent on framework as windows update can update the framework.

thompson-tomo avatar May 29 '25 08:05 thompson-tomo

Hi @thompson-tomo thanks for submitting this change. Can you please provide a description for this PR according to the guide here: https://tinkerpop.apache.org/docs/current/dev/developer/#pull-requests

Please also add a changelog entry to describe the change you've made so that users of the .net driver can be made aware.

andreachild avatar May 30 '25 18:05 andreachild

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 78.18%. Comparing base (cfd6889) to head (77c390a). Report is 265 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #3123      +/-   ##
============================================
+ Coverage     77.87%   78.18%   +0.31%     
- Complexity    13578    13774     +196     
============================================
  Files          1015     1024       +9     
  Lines         59308    60075     +767     
  Branches       6835     7003     +168     
============================================
+ Hits          46184    46968     +784     
+ Misses        10817    10752      -65     
- Partials       2307     2355      +48

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

codecov-commenter avatar Jun 02 '25 17:06 codecov-commenter

Hi @thompson-tomo, I'm curious what is the motivation for this change. I'm not aware of any compatibility issues here, but .Net is also outside of my area of expertise.

Cole-Greer avatar Jun 05 '25 16:06 Cole-Greer

@Cole-Greer i have run in to issues with other libraries. The motivation is to proactively reduce the chance of issues/conflicts while also improving the ability to quickly remediate CVE'S in the field as the responsibility for managing the affected library falls to the framework rather than the consuming application

thompson-tomo avatar Jun 06 '25 10:06 thompson-tomo

VOTE +1

andreachild avatar Jun 10 '25 16:06 andreachild

VOTE +1

EchoNullify avatar Jun 10 '25 16:06 EchoNullify

VOTE +1

Cole-Greer avatar Jun 10 '25 23:06 Cole-Greer

VOTE +1

xiazcy avatar Jun 13 '25 02:06 xiazcy

Note: I've also cherry-picked this change back to 3.8-dev: https://github.com/apache/tinkerpop/commit/00622c5d02d0e7bae653cee1c4ee9d1a437f7297

Cole-Greer avatar Jul 14 '25 16:07 Cole-Greer