Hi Beam developers, (I'm thinking to contribute to upgrades of Java dependencies of Beam; I just read https://beam.apache.org/contribute/dependencies/)
As per the weekly report, Apache Beam Java SDK only has 8 outdated dependencies based on the criteria. However, it seems many others are not up-to-date. For example Guava 20.0 used in Beam <https://github.com/apache/beam/blob/d692d2f/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy#L375> is not the latest major release. Why do some outdated dependencies not appear in this report? Regards, Tomo On Mon, Nov 11, 2019 at 7:05 AM Apache Jenkins Server < jenk...@builds.apache.org> wrote: > High Priority Dependency Updates Of Beam Python SDK: > *Dependency Name* *Current Version* *Latest Version* *Release Date Of the > Current Used Version* *Release Date Of The Latest Release* *JIRA Issue* > mock <https://pypi.org/project/mock> 2.0.0 3.0.5 2019-05-20 2019-05-20 > BEAM-7369 <https://issues.apache.org/jira/browse/BEAM-7369> > oauth2client <https://pypi.org/project/oauth2client> 3.0.0 4.1.3 > 2018-12-10 2018-12-10 BEAM-6089 > <https://issues.apache.org/jira/browse/BEAM-6089> > Sphinx <https://pypi.org/project/Sphinx> 1.8.5 2.2.1 2019-05-20 2019-10-28 > BEAM-7370 <https://issues.apache.org/jira/browse/BEAM-7370> High Priority > Dependency Updates Of Beam Java SDK: > *Dependency Name* *Current Version* *Latest Version* *Release Date Of the > Current Used Version* *Release Date Of The Latest Release* *JIRA Issue* > com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin > <https://mvnrepository.com/artifact/com.github.ben-manes.versions/com.github.ben-manes.versions.gradle.plugin> > 0.20.0 0.27.0 2019-02-11 2019-10-21 BEAM-6645 > <https://issues.apache.org/jira/browse/BEAM-6645> > com.github.spotbugs:spotbugs > <https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs> 3.1.12 > 4.0.0-beta4 2019-03-01 2019-09-18 BEAM-7792 > <https://issues.apache.org/jira/browse/BEAM-7792> > com.github.spotbugs:spotbugs-annotations > <https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations> > 3.1.12 4.0.0-beta4 2019-03-01 2019-09-18 BEAM-6951 > <https://issues.apache.org/jira/browse/BEAM-6951> > javax.servlet:javax.servlet-api > <https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api> 3.1.0 > 4.0.1 2013-04-25 2018-04-20 BEAM-5750 > <https://issues.apache.org/jira/browse/BEAM-5750> > org.conscrypt:conscrypt-openjdk > <https://mvnrepository.com/artifact/org.conscrypt/conscrypt-openjdk> 1.1.3 > 2.2.1 2018-06-04 2019-08-08 BEAM-5748 > <https://issues.apache.org/jira/browse/BEAM-5748> > org.eclipse.jetty:jetty-server > <https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server> > 9.2.10.v20150310 10.0.0-alpha0 2015-03-10 2019-07-11 BEAM-5752 > <https://issues.apache.org/jira/browse/BEAM-5752> > org.eclipse.jetty:jetty-servlet > <https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-servlet> > 9.2.10.v20150310 10.0.0-alpha0 2015-03-10 2019-07-11 BEAM-5753 > <https://issues.apache.org/jira/browse/BEAM-5753> > Gradle: <https://mvnrepository.com/artifact/Gradle/> 5.2.1 6.0 2019-08-19 > 2019-11-11 BEAM-8002 <https://issues.apache.org/jira/browse/BEAM-8002> A > dependency update is high priority if it satisfies one of following > criteria: > > - It has major versions update available, e.g. > org.assertj:assertj-core 2.5.0 -> 3.10.0; > > > - It is over 3 minor versions behind the latest version, e.g. > org.tukaani:xz 1.5 -> 1.8; > > > - The current version is behind the later version for over 180 days, > e.g. com.google.auto.service:auto-service 2014-10-24 -> 2017-12-11. > > In Beam, we make a best-effort attempt at keeping all dependencies > up-to-date. In the future, issues will be filed and tracked for these > automatically, but in the meantime you can search for existing issues or > open a new one. For more information: Beam Dependency Guide > <https://beam.apache.org/contribute/dependencies/> > -- Regards, Tomo
