Skip to content

chore(deps): Bump org.apache.fory:fory-core from 1.2.0 to 1.3.0#24262

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/org.apache.fory-fory-core-1.3.0
Closed

chore(deps): Bump org.apache.fory:fory-core from 1.2.0 to 1.3.0#24262
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/org.apache.fory-fory-core-1.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps org.apache.fory:fory-core from 1.2.0 to 1.3.0.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 26, 2026
@github-actions

Copy link
Copy Markdown
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@github-actions

Copy link
Copy Markdown
Contributor

🧪 CI tested the following changed modules:

  • parent

POM dependency changes: targeted tests included

Changed properties: fory-version

Modules affected by dependency changes (1)
  • :camel-fory
All tested modules (2 modules)
  • Camel :: Fory
  • Camel :: Parent

⚙️ View full build and test results

@davsclaus davsclaus left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fory 1.3.0 breaks on JDK 25 — the CI build (25, false) job fails with:

java.lang.IllegalStateException: JDK25+ string internals are inaccessible.
JDK25 zero-Unsafe mode requires java.base/java.lang.invoke to be open to Fory.
Use --add-opens=java.base/java.lang.invoke=ALL-UNNAMED

This is a regression: JDK 25 passes on main with fory 1.2.0. Fory 1.3.0 changed its internal string handling (PlatformStringUtils) to use java.lang.invoke APIs that JDK 25 no longer permits without explicit --add-opens.

Options:

  1. Wait for a fory release that handles JDK 25 without --add-opens
  2. Add --add-opens to camel-fory's surefire argLine as a workaround (but this also means runtime users would need the same flag)
  3. Close this PR and stay on fory 1.2.0 until upstream fixes JDK 25 support

This review was generated by an AI agent and may contain inaccuracies. Please verify all suggestions before applying.

Claude Code on behalf of Claus Ibsen

@apupier

apupier commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

upstream issue apache/fory#3788

@apupier

apupier commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

I think we can go with providing the parameter in the maven surefire test, document that when using camel fory the parameter --add-opens=java.base/java.lang.invoke=ALL-UNNAMED is required and mention it as a breaking change in the upgrade guide

@davsclaus

Copy link
Copy Markdown
Contributor

I think we can go with providing the parameter in the maven surefire test, document that when using camel fory the parameter --add-opens=java.base/java.lang.invoke=ALL-UNNAMED is required and mention it as a breaking change in the upgrade guide

okay that is good

@apupier apupier self-assigned this Jun 29, 2026
@apupier

apupier commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps org.apache.fory:fory-core from 1.2.0 to 1.3.0.

---
updated-dependencies:
- dependency-name: org.apache.fory:fory-core
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/org.apache.fory-fory-core-1.3.0 branch from 65884db to 5f1f6d4 Compare June 29, 2026 11:54
@apupier

apupier commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

created a PR from a branch from my fork #24317 because I'm unable to push on Apache repo today

@apupier apupier closed this Jun 29, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/maven/org.apache.fory-fory-core-1.3.0 branch June 29, 2026 12:11
@chaokunyang

chaokunyang commented Jun 30, 2026

Copy link
Copy Markdown

Fory 1.4.0 will add an Unsafe-based fallback path to get privileged invoke access, so I think it is reasonable to hold this upgrade for now and wait for the next Fory release.

Longer term, though, it would still be good to support opening java.base/java.lang.invoke on JDK 25+, since Unsafe is increasingly restricted and may become unavailable in a future JDK. If that happens, java.lang.invoke is likely to be the only practical fallback path for this kind of low-level access.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

core-build-and-dependencies dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants