Update Selenium to 4.27.0 +semver:feature

[mialeska]

PR Details

Related Issue Link:

How Has This Been Tested

Checklist

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.

[coderabbitai]

Walkthrough

The pull request primarily updates the pom.xml file to upgrade various dependency and plugin versions, including log4j, guava, jackson-databind, and selenium-java. Additionally, several Maven plugins have their versions increased to maintain compatibility and functionality. The FormDumpTests class has a minor change in the logic of a specific test method to adjust the sequence of operations, ensuring the hover action occurs after saving a dump.

Changes

File	Change Summary
pom.xml	Updated dependency versions: log4j (2.24.0 to 2.24.2), guava (33.3.0-jre to 33.3.1-jre), jackson-databind (2.18.0 to 2.18.2), selenium-java (4.25.0 to 4.27.0). Updated plugin versions: maven-compiler-plugin (3.12.1 to 3.13.0), jacoco-maven-plugin (0.8.11 to 0.8.12), maven-surefire-plugin (3.2.5 to 3.5.2), maven-source-plugin (3.3.0 to 3.3.1), maven-javadoc-plugin (3.6.3 to 3.11.1), maven-gpg-plugin (3.1.0 to 3.2.7), nexus-staging-maven-plugin (1.6.13 to 1.7.0).
src/test/java/tests/visualization/FormDumpTests.java	Modified shouldBePossibleToCompareWithDumpWithCustomNameWhenDifferenceIsNotZero method to change the sequence of operations regarding form.hoverAvatar().

Possibly related PRs

• Update to Selenium 4.24.0  #96: Update to Selenium 4.24.0 - This PR updates the selenium-java dependency in pom.xml, which is directly related to the version updates in the main PR.
• Update Selenium to 4.25.0 #97: Update Selenium to 4.25.0 - This PR also updates the selenium-java dependency in pom.xml, aligning with the version changes made in the main PR.

Suggested labels

enhancement, dependencies

Poem

In the garden of code, we hop and play,
Upgrading our friends, come what may.
With plugins and versions, we dance in delight,
Ensuring our tests run smoothly and bright.
So here's to the changes, both big and small,
A rabbit's cheer for the code, one and all! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

pom.xml (1)

Line range hint 1-282: Ensure comprehensive testing of all updates

Given the multiple version updates in this PR:

1. Run the full test suite to verify no regressions
2. Test the build process end-to-end
3. Consider splitting major version updates (like Selenium) into separate PRs for better isolation of changes

Consider adding a GitHub Actions workflow to automatically verify dependency compatibility and security advisories.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0584a5e and 25de7db.

📒 Files selected for processing (2)

• pom.xml (9 hunks)
• src/test/java/tests/visualization/FormDumpTests.java (1 hunks)

🔇 Additional comments (5)

src/test/java/tests/visualization/FormDumpTests.java (1)

71-73: LGTM! Consider adding a clarifying comment.

The sequence change is logical - saving the dump before hovering ensures we capture the initial state for comparison. This makes the test more reliable and clearer in its intent.

Consider adding a comment to explain this sequence dependency:

 form.dump().save("Non-zero diff");
+// Hover must occur after saving the dump to ensure we capture the visual difference
 form.hoverAvatar();
 form.waitUntilPresent();

Since this is part of a Selenium upgrade, let's verify the test behavior:

✅ Verification successful

Let me gather more information about the test class and its dependencies to better understand the context.

---

Let me check the HoversForm class implementation and related test files to understand the full context.

---

Let me check the HoversForm implementation to understand the hover behavior.

---

Based on the implementation details from HoversForm.java, I can now generate the final response.

The sequence change is correct and necessary

The implementation shows that hoverAvatar() performs a clickAndHold action that waits for a hidden element to be displayed, which would definitely affect the visual state. The current sequence correctly captures the baseline state before applying the hover action.

Looking at the implementation:

• hoverAvatar() performs a complex action (moveToElement + clickAndHold)
• It waits for a hidden element to become displayed
• These visual changes are exactly what the test aims to detect

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check test history across Selenium versions to understand if this is a version-specific change

# Look for previous changes to this test method
git log -L '/shouldBePossibleToCompareWithDumpWithCustomNameWhenDifferenceIsNotZero/,/^    }/:src/test/java/tests/visualization/FormDumpTests.java'

# Check for related Selenium issues/discussions
gh api graphql -f query='
{
  search(query: "repo:SeleniumHQ/selenium hover action changes", type: ISSUE, first: 5) {
    nodes {
      ... on Issue {
        title
        url
        state
        createdAt
      }
    }
  }
}'

Length of output: 1360

---

Script:

#!/bin/bash
# Check the Form class implementation to understand hover and dump behavior
ast-grep --pattern 'class Form {
  $$$
  hoverAvatar($$$) {
    $$$
  }
  $$$
}'

# Look for other similar test methods in the same class
rg -B2 -A2 "form\.hoverAvatar\(\)" src/test/java/tests/visualization/FormDumpTests.java

# Check for other test classes using similar patterns
rg "hoverAvatar.*dump" --type java

Length of output: 486

---

Script:

#!/bin/bash
# Find and check HoversForm class implementation
fd -e java HoversForm

# Look for the dump implementation
ast-grep --pattern 'class $_ {
  $$$
  dump() {
    $$$
  }
  $$$
}'

# Check for other test methods in FormDumpTests
rg -A 5 "class FormDumpTests" src/test/java/tests/visualization/FormDumpTests.java

Length of output: 430

---

Script:

#!/bin/bash
# Check HoversForm implementation
cat src/test/java/theinternet/HoversForm.java

# Look for related test files that might provide more context
rg -l "HoversForm" --type java

# Check for any dump-related utility classes
fd -e java -e kt dump

Length of output: 4500

pom.xml (4)

20-20: Verify log4j version compatibility and security

The log4j update to 2.24.2 is a minor version change. Let's verify its security status and compatibility.

✅ Verification successful

Log4j 2.24.2 version is secure and compatible

The version 2.24.2 of Log4j is not affected by any known vulnerabilities. The security scan shows that all reported vulnerabilities affect much older versions:

• Critical vulnerability (remote code injection) affects versions < 2.3.1
• Low severity issues (SMTP appender) affect versions < 2.13.2
• High severity DoS vulnerability only affects Log4j 1.x versions

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for security advisories for log4j
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "org.apache.logging.log4j:log4j-core") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1562

---

134-134: Document Selenium 4.27.0 upgrade impact

The Selenium upgrade to 4.27.0 is a feature version update that might include breaking changes. Please:

1. Document any breaking changes from the changelog
2. Update the project's documentation if needed
3. Verify compatibility with java-client 9.3.0

✅ Verification successful

Selenium 4.27.0 upgrade appears safe to proceed

Based on the codebase analysis:

1. The project extensively uses Selenium's core APIs (findElement, findElements) but doesn't use any deprecated methods like getCapabilities().
2. The usage patterns align with Selenium 4.x stable APIs, focusing on standard WebElement interactions.
3. The project follows a clean abstraction layer through aquality.selenium.core which isolates direct Selenium dependencies.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Selenium-dependent test files that might need updates
echo "Searching for Selenium usage patterns that might need updates..."
rg -l "import org.openqa.selenium" --type java

# Check for potential breaking changes in test files
echo "Checking for common breaking changes patterns..."
rg "getCapabilities\(\)" --type java
rg "findElement" --type java

Length of output: 26376

---

Line range hint 137-141: Verify Appium java-client compatibility

Please verify that java-client 9.3.0 is compatible with Selenium 4.27.0 to avoid any runtime issues.

✅ Verification successful

Appium java-client 9.3.0 is compatible with Selenium 4.27.0

The codebase shows proper integration between Appium and Selenium:

• WindowsApplication.java uses WindowsDriver and WindowsOptions from java-client 9.3.0
• CalculatorWindow.java uses AppiumBy alongside Selenium's By
• Both libraries are used in a compatible way with no conflicting imports or deprecated usage patterns

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for Appium-specific test files that might need updates
echo "Searching for Appium usage patterns..."
rg -l "import io.appium" --type java

Length of output: 259

---

Script:

#!/bin/bash
# Check the actual Appium usage in test files
echo "Checking Appium usage in WindowsApplication.java..."
rg -A 5 "import io.appium" src/test/java/tests/applications/windowsApp/WindowsApplication.java

echo -e "\nChecking Appium usage in CalculatorWindow.java..."
rg -A 5 "import io.appium" src/test/java/tests/applications/windowsApp/CalculatorWindow.java

# Check for Selenium version in pom.xml
echo -e "\nChecking Selenium version..."
rg "selenium-java" -A 2 pom.xml

Length of output: 1066

---

192-192: Review significant plugin version jumps

The following plugins have significant version increases:

• maven-surefire-plugin: 3.2.5 -> 3.5.2
• maven-javadoc-plugin: 3.6.3 -> 3.11.1

Please verify:

1. No breaking changes in build configuration
2. Test execution behavior remains consistent
3. Javadoc generation still works as expected

Also applies to: 234-234

✅ Verification successful

Plugin version updates appear safe to proceed

Both plugins have minimal, standard configurations that are compatible with the new versions:

• maven-surefire-plugin (3.5.2):

  • Uses standard configuration for UTF-8 encoding, test suite file, and fork control
  • No deprecated or removed features used

• maven-javadoc-plugin (3.11.1):

  • Simple configuration with Java 11 source level
  • Standard jar goal execution
  • No deprecated features or complex options used

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for surefire and javadoc plugin configurations
echo "Checking for custom surefire configurations..."
rg "<plugin>.*?<artifactId>maven-surefire-plugin.*?</plugin>" -U --multiline --type xml

echo "Checking for custom javadoc configurations..."
rg "<plugin>.*?<artifactId>maven-javadoc-plugin.*?</plugin>" -U --multiline --type xml

Length of output: 382

---

Script:

#!/bin/bash
# Let's try a different approach to find plugin configurations
echo "Checking maven-surefire-plugin configuration..."
cat pom.xml | grep -A 10 -B 2 "maven-surefire-plugin"

echo -e "\nChecking maven-javadoc-plugin configuration..."
cat pom.xml | grep -A 10 -B 2 "maven-javadoc-plugin"

echo -e "\nChecking if there are any custom configurations in profiles..."
cat pom.xml | grep -A 20 "<profile>" | grep -B 20 "</profile>" | grep -A 5 -B 5 "plugin"

Length of output: 1643

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud