[
https://issues.apache.org/jira/browse/WICKET-6625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16730730#comment-16730730
]
Martin Grigorov commented on WICKET-6625:
-----------------------------------------
Another problem:
{code:java}
+- com.github.openjson:openjson:jar:1.0.10:compile (version selected from
constraint [1.0.10,1.99.0))
[INFO] | +- org.apache.wicket:wicket-request:jar:9.0.0-SNAPSHOT:compile
[INFO] | +- org.apache.wicket:wicket-util:jar:9.0.0-SNAPSHOT:compile
[INFO] | | +- commons-fileupload:commons-fileupload:jar:1.4:compile (version
selected from constraint [1.4,1.99.0))
[INFO] | | +- org.apache.commons:commons-collections4:jar:4.3-SNAPSHOT:compile
(version selected from constraint [4.2,4.99.0))
[INFO] | | \- org.junit.jupiter:junit-jupiter-engine:jar:5.4.0-M1:test (version
selected from constraint [5.3.2,6.0.0)) (optional)
{code}
commons-collections4:jar:*4.3-SNAPSHOT:compile (version selected from
constraint [4.2,4.99.0))*
A -SNAPSHOT version has been selected !
We definitely do not want this!
> Use Maven range version for dependencies
> ----------------------------------------
>
> Key: WICKET-6625
> URL: https://issues.apache.org/jira/browse/WICKET-6625
> Project: Wicket
> Issue Type: Task
> Components: wicket, wicket-cdi, wicket-extensions, wicket-guice,
> wicket-http2, wicket-spring
> Affects Versions: 7.11.0, 8.2.0
> Reporter: Martin Grigorov
> Assignee: Martin Grigorov
> Priority: Major
>
> We should use Maven range version for 3rd party dependencies, e.g.
> [2.0.0,3.0.0).
> This way Wicket will automatically use the latest released version of the
> dependency (without major upgrades).
> This will help to avoid using vulnerable dependencies in Wicket releases.
> The applications can always use a specific version of any dependency, i.e.
> upgrade or downgrade it, if needed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
