[ https://issues.apache.org/jira/browse/DAFFODIL-2269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17219236#comment-17219236 ]
John Interrante edited comment on DAFFODIL-2269 at 10/22/20, 6:39 PM:
----------------------------------------------------------------------
The best sbt equivalent of "mvn versions:display-dependency-updates" and "mvn
versions:display-plugin-updates" appears to be
[https://github.com/rtimush/sbt-updates] which was last updated 2 days ago. A
blogger also did a good job explaining how Maven, Ivy, and Coursier differ in
handling version ordering and version ranges
([https://eed3si9n.com/dependency-resolver-semantics]). Once we have an
updated list of newer versions, someone has to read each upgraded dependency's
release notes or changelog to make sure the newer versions are upwardly
compatible or worth the upgrade cost.

It's also important to verify that LICENSES and NOTICES haven't changed for
dependencies. In most cases they haven't, but we do need to verify that.

was (Author: interran):
The best sbt equivalent of "mvn versions:display-dependency-updates" and "mvn
versions:display-plugin-updates" appears to be
[https://github.com/rtimush/sbt-updates] which was last updated 2 days ago. A
blogger also did a good job explaining how Maven, Ivy, and Coursier differ in
handling version ordering and version ranges
([https://eed3si9n.com/dependency-resolver-semantics]). Once we have an
updated list of newer versions, someone has to read each upgraded dependency's
release notes or changelog to make sure the newer versions are upwardly
compatible or worth the upgrade cost.
> Update to latest dependencies
> -----------------------------
>
> Key: DAFFODIL-2269
> URL: https://issues.apache.org/jira/browse/DAFFODIL-2269
> Project: Daffodil
> Issue Type: Improvement
> Components: Infrastructure
> Reporter: Steve Lawrence
> Priority: Major
>
> Many of our dependencies have newer versions released than what we currently
> depend on. We should look into updating these dependencies to make sure we
> have the latest security and bug fixes. The results of the sbt-updates plugin
> currently show the following (where the right side shows the version we
> depend on -> the newest minor version -> the newest major version):
> {code}
> com.fasterxml.jackson.core:jackson-core : 2.9.6 -> 2.9.10 -> 2.10.2
> com.fasterxml.woodstox:woodstox-core : 5.1.0 -> 5.3.0 -> 6.0.3
> com.ibm.icu:icu4j : 62.1 -> 62.2 -> 65.1
> com.typesafe.genjavadoc:genjavadoc-plugin : 0.11 -> 0.15
> junit:junit : 4.12 -> 4.13
> org.rogach:scallop : 3.1.3 -> 3.1.5 -> 3.3.2
> org.scala-lang.modules:scala-parser-combinators : 1.1.1 -> 1.1.2
> org.scala-lang.modules:scala-xml : 1.1.0 -> 1.1.1 -> 1.2.0
> org.scala-lang:scala-library : 2.12.6 -> 2.12.10 -> 2.13.1
> org.scala-lang:scala-reflect : 2.12.6 -> 2.12.10 -> 2.13.1
> org.scalacheck:scalacheck : 1.14.0 -> 1.14.3
> {code}
> Also, the plugins we use have updates:
> {code}
> com.typesafe.sbt:sbt-native-packager : 1.3.17 -> 1.3.25 -> 1.5.2
> org.scoverage:sbt-scoverage : 1.5.1 -> 1.6.1
> {code}
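
Added example (not part of the Jira message or the Daffodil code base): one way to turn the sbt-updates listing quoted above into a per-upgrade review checklist covering the release-notes and LICENSE/NOTICE checks the comment calls for. The function names, the checklist fields, and the numeric version comparison are assumptions of this sketch; the comparison is a simplification and does not reproduce the ordering rules of Maven, Ivy, or Coursier.

```python
import re

# Sample input: three lines taken from the sbt-updates listing in the issue.
SAMPLE = """\
> com.fasterxml.jackson.core:jackson-core : 2.9.6 -> 2.9.10 -> 2.10.2
> com.ibm.icu:icu4j : 62.1 -> 62.2 -> 65.1
> junit:junit : 4.12 -> 4.13
"""

# "group:artifact : v1 -> v2 -> v3", optionally behind a "> " quote marker.
LINE = re.compile(r"^\s*(?:>\s*)?(?P<mod>[\w.\-]+:[\w.\-]+)\s+:\s+(?P<versions>.+)$")

def version_key(version):
    """Compare numeric parts as integers so that 2.9.10 sorts after 2.9.6."""
    parts = re.split(r"[.\-]", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)

def first_change(current, candidate):
    """Index of the first version component that differs (0 = leading number)."""
    a, b = version_key(current), version_key(candidate)
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))

def parse_updates(text):
    """Return {module: (current, [candidates])}; non-matching lines are skipped."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            versions = [v.strip() for v in m.group("versions").split("->")]
            found[m.group("mod")] = (versions[0], versions[1:])
    return found

def review_checklist(text):
    """One row per candidate upgrade, with the manual checks still open."""
    rows = []
    for module, (current, candidates) in parse_updates(text).items():
        for cand in candidates:
            if version_key(cand) <= version_key(current):
                continue  # listed version is not newer than what we have
            rows.append({"module": module, "from": current, "to": cand,
                         "changed_component": first_change(current, cand),
                         "release_notes_read": False,
                         "license_notice_checked": False})
    return rows

if __name__ == "__main__":
    for row in review_checklist(SAMPLE):
        print(row)
```

A lower changed_component value means the upgrade touches a more significant part of the version number, which is where the release-notes review usually needs the most attention.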