git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Dependency version upgrade policy


Yes, I was thinking about 2.20.x

But, I thought the same could be done in the ongoing master, since that
uses 2.8.10 of jackson-databind at this point?

On Sat, Mar 24, 2018 at 5:10 AM, Andrea Cosentino <
ancosen1985@xxxxxxxxx.invalid> wrote:

> Do you mean on 2.20.x? Yeah, upgrade of this kind are welcome
>
> Inviato da Yahoo Mail su Android
>
>   Il sab, 24 mar, 2018 alle 9:07, Claus Ibsen<claus.ibsen@xxxxxxxxx> ha
> scritto:   Hi
>
> Yeah sure you can submit a PR to update that.
> We generally always want to update to newer patch releases.
>
>
> On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscooper@xxxxxxxxx>
> wrote:
> > What is Camel's policy on upgrading versions of dependencies used? For
> > example, is there any policy that says that dependencies will not be
> > upgraded with minor version number increments, or path increments, or
> some
> > such?
> >
> > Example:
> > Camel 2.20.x uses jackson-databind  2.8.10
> >
> > I see a comment in Camel code that jackson-datbind 2.9.x does not work
> well
> > the Camel swagger component.
> >
> > Meanwhile, jackson-databind has a 2.8.11.1 , which fixes some reported
> > vulnerabilities.
> >
> > Would the Camel team be open to going to the latest 2.8.x version of
> > jackson-databind?
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
>
>