[
https://issues.apache.org/jira/browse/SENTRY-973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15047273#comment-15047273
]
Colm O hEigeartaigh commented on SENTRY-973:
--------------------------------------------
Hi [~lskuff], thanks for taking a look at the patch. Answers inline.
> Did you run into any specific issues with the older versions of the
> dependencies?
No.
> How did you choose the new versions?
By seeing which of dependencies had a new (minor) upgrade available.
> I am a bit hesitant to update the dependencies without clear motivation
> because it could introduce a regression.
Yep, that's fair enough if that's the policy of the project. From my POV, if a
regression was introduced due to a (minor) dependency update, that would
actually highlight a testing issue, as any regression should be picked up by a
failing test. Also, not picking up minor dependency updates, means you are
missing out on potential security fixes. However, this is kind of irrelevant if
the policy of the project is not to pick up minor dependency updates.
How would you like to proceed with this issue? If you want I could attach a
second patch, which only contains dependency updates relating to testing, which
wouldn't have an effect on deployment.
Colm.
> Update dependencies
> -------------------
>
> Key: SENTRY-973
> URL: https://issues.apache.org/jira/browse/SENTRY-973
> Project: Sentry
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Trivial
> Fix For: 1.7.0
>
> Attachments: SENTRY-973.patch
>
>
> Some of the dependencies used in the project are quite old and could be
> updated.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
