On 22.07.20 at 18:28, Stefan Bodewig wrote:
> On 2020-07-22, Rob Tompkins wrote:
>
>> I’m happy to merge them….will get to them by tomorrow morning ok?
>
> TBH I'd prefer to turn them off and reject the PRs.
>
> Personally I don't see any value for our downstream users if we update
> our dependencies without actually needing an update - with the exception
> of security updates. I don't like the idea of forcing our users to
> update a different dependency just because they update our component, it
> should be their choice when to update what.
>
> Of course this is just my opinion and I'm not exactly known as somebody
> who embraces the idea of automatic resolution of transitive dependencies
> in the first place ;-)

Stefan has a valid point here IMHO. From our users' POV, our components
are in some sense "more compatible" if they reference the oldest
possible version of a dependency rather than the newest one.

If we upgrade dependencies rather aggressively, it would be nice to
document a version range for the dependencies that has been tested. This
could save users from possible version conflicts with other 3rd party
dependencies. Creating such documentation is probably hard though; I
do not think that this can be automated.

Oliver

>
> Stefan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>