Re: Re: Dependency version upgrade policy
Master will be upgraded to 2.9.x as part of the Spring Boot 2 upgrade.
On Sun, Mar 25, 2018 at 5:08 PM, Darius Cooper <dariuscooper@xxxxxxxxx> wrote:
> Yes, I was thinking about 2.20.x
> But, I thought the same could be done in the ongoing master, since that
> uses 2.8.10 of jackson-databind at this point?
> On Sat, Mar 24, 2018 at 5:10 AM, Andrea Cosentino <
> firstname.lastname@example.org> wrote:
>> Do you mean on 2.20.x? Yeah, upgrade of this kind are welcome
>> Inviato da Yahoo Mail su Android
>> Il sab, 24 mar, 2018 alle 9:07, Claus Ibsen<claus.ibsen@xxxxxxxxx> ha
>> scritto: Hi
>> Yeah sure you can submit a PR to update that.
>> We generally always want to update to newer patch releases.
>> On Sat, Mar 24, 2018 at 1:25 AM, Darius Cooper <dariuscooper@xxxxxxxxx>
>> > What is Camel's policy on upgrading versions of dependencies used? For
>> > example, is there any policy that says that dependencies will not be
>> > upgraded with minor version number increments, or path increments, or
>> > such?
>> > Example:
>> > Camel 2.20.x uses jackson-databind 2.8.10
>> > I see a comment in Camel code that jackson-datbind 2.9.x does not work
>> > the Camel swagger component.
>> > Meanwhile, jackson-databind has a 22.214.171.124 , which fixes some reported
>> > vulnerabilities.
>> > Would the Camel team be open to going to the latest 2.8.x version of
>> > jackson-databind?
>> Claus Ibsen
>> http://davsclaus.com @davsclaus
>> Camel in Action 2: https://www.manning.com/ibsen2
Camel in Action 2: https://www.manning.com/ibsen2