Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Nov 25 05:33

    dependabot-preview[bot] on maven

    (compare)

  • Nov 25 05:33
    dependabot-preview[bot] closed #47
  • Nov 25 05:33
    dependabot-preview[bot] commented #47
  • Nov 25 05:33
    dependabot-preview[bot] labeled #48
  • Nov 25 05:33
    dependabot-preview[bot] opened #48
  • Nov 25 05:33

    dependabot-preview[bot] on maven

    Bump mockito-core from 2.12.0 t… (compare)

  • Oct 27 05:31

    dependabot-preview[bot] on maven

    (compare)

  • Oct 27 05:31
    dependabot-preview[bot] closed #46
  • Oct 27 05:31
    dependabot-preview[bot] commented #46
  • Oct 27 05:31
    dependabot-preview[bot] labeled #47
  • Oct 27 05:31
    dependabot-preview[bot] opened #47
  • Oct 27 05:31

    dependabot-preview[bot] on maven

    Bump mockito-core from 2.12.0 t… (compare)

  • Oct 26 05:33

    dependabot-preview[bot] on maven

    (compare)

  • Oct 26 05:33
    dependabot-preview[bot] closed #26
  • Oct 26 05:33
    dependabot-preview[bot] commented #26
  • Oct 26 05:33
    dependabot-preview[bot] labeled #28
  • Oct 26 05:33
    dependabot-preview[bot] opened #28
  • Oct 26 05:33

    dependabot-preview[bot] on maven

    Bump joda-time from 2.10.6 to 2… (compare)

  • Oct 24 04:58
    snyk-bot opened #180
  • Oct 24 04:58

    neomatrix369 on snyk-fix-afdf31c2b4f06d8ac30a5fc5dd83eddb

    fix: pom.xml to reduce vulnerab… (compare)

will have another look in a bit
Graham Allan
@Grundlefleck
@kwahsog I'll try merging it just in case Travis has special logic for it's own config file. Doubt it, but worth a try, no harm in merging
Hah: "Pull requests that have a failing status can’t be merged from a phone."
Will do it on my desktop when I'm next at it
Alex
@kwahsog
hmm off to bed now, but will have another look at it later this week. It's certainly confusing why it would pass locally and not on merge request.
Graham Allan
@Grundlefleck
The build got further when I tried it with sudo: true, but it still failed in a unit test. It's a better failure than a core dump from a buffer overflow. We can now just track down the offending unit test and ditch it. But travis is taking ages to actually start the build after being created, so too late to give that a try.
LaSombra
@lasombra
:/
\o/
The static initializer for a particular class was trying to do something that interacted with the network, that failed and blew up on Travis CI. Part of the danger of loading classes while doing analysis. Guess the next question is why was the class being loaded at all o_O
Alex
@kwahsog
This message was deleted
ah good job, nice to have it always green
LaSombra
@lasombra
Interesting issue. Congrats getting it to work :)
Efim Pyshnograev
@badgersow
Hi, all.
I finished with my interview process and I finally have a time to continue work with line numbers problem :sparkles:
@Grundlefleck , did you find out why the class com.sun.corba.se.impl.io.FVDCodeBaseImpl was loaded?
LaSombra
@lasombra
Good luck @badgersow, hope you get it!
Efim Pyshnograev
@badgersow
Many thanks! Actually I was lucky enough :smile:
Just curious, have anybody outside Russia heard about Yandex company?
LaSombra
@lasombra
I heard about it but I have no idea how big it is
Efim Pyshnograev
@badgersow
5,463 full time employees. Just saw that Google has nearly 62k employees. Never thought it is that large
LaSombra
@lasombra
To me 5,000 is quite large already
62k? That's a lot of people
Efim Pyshnograev
@badgersow
According to google search, 386,558 people work in IBM :alien:
LaSombra
@lasombra
IBM and Microsoft are monsters
:)
The company I work for just broke 8k this year
Efim Pyshnograev
@badgersow
Where do you work if it's not a secret?
LaSombra
@lasombra
Red Hat
Efim Pyshnograev
@badgersow
It's very cool
LaSombra
@lasombra
It is quite cool indeed :)
Graham Allan
@Grundlefleck
"did you find out why the class com.sun.corba.se.impl.io.FVDCodeBaseImpl was loaded?" <-- I think it's because every class that is analysed does get loaded. I had it in my head that we overrode an ASM class to not load classes, but I don't think that implementation was ever switched in... sadface.
There's a dependency in the pom that's commented out (asm-nonclassloadingsimpleverifier) which is the necessary bit for not loading classes.
Grundlefleck @Grundlefleck 's company only has something like 25 devs
LaSombra
@lasombra
Is there a way to have a blacklist?
Graham Allan
@Grundlefleck
Not sure what you mean @lasombra. A blacklist of classes that cause problems when initialised?
There was a direct unit test of this class that has since been removed. It was only loaded because it was asserted against. Or rather, the actual class that was loaded needed to be analysed because this class referenced it: MutabilityDetector/MutabilityDetector@ddd469e
Think I would rather be able to use an implementation of SimpleVerifier that didn't load classes at all, ever, but can't remember why that's not been possible so far.
LaSombra
@lasombra
Oh, sorry @Grundlefleck. Referring to the "why the class com.sun.corba..." was loaded I think we could get a blacklist for JDK packages for example
Graham Allan
@Grundlefleck
Gotcha
LaSombra
@lasombra
There's no point, really, to scan JDK packages at all. That way a user mis-configuration wouldn't blow up
Graham Allan
@Grundlefleck
Ideally I'd like to be able to run Mutability Detector against classes from a JDK that is different from the JDK it's running with, can't do that currently.
i.e. you can't run Mutability Detector on JDK 8 to analyse java.lang.String from jars of JDK 9
LaSombra
@lasombra
But why would you?
Graham Allan
@Grundlefleck
Dunno, but sounds cool :P
LaSombra
@lasombra
Heh, true :)
LaSombra
@lasombra
Great release! Congratulations dude!
Alex
@kwahsog
Congrats!
Also wanna say a big thanks @Grundlefleck for having easily available bug fixes for newcomers. I started programming proffesionally about 5 months ago and really enjoying it (Sadly not in Java though).