On Fri, 23 Sept 2022 at 13:53, Gilles Sadowski <gillese...@gmail.com> wrote:
> Hello. > > Le ven. 23 sept. 2022 à 12:25, Alex Herbert <alex.d.herb...@gmail.com> a > écrit : > > > > The pom for RNG has many plugins that explicitly manage a version. IIUC > > this was done to surpass the version in commons parent. However this is > no > > longer required. The following plugins all have a higher version in CP 54 > > (version shown at the end of the line): > > > > <rng.pmd.version>3.14.0</rng.pmd.version> 3.19.0 > > <rng.pmd.dep.version>6.37.0</rng.pmd.dep.version> 6.49.0 > > <rng.checkstyle.version>3.1.2</rng.checkstyle.version> 3.2.0 > > <rng.checkstyle.dep.version>8.45</rng.checkstyle.dep.version> 9.3 > > <rng.antrun.version>1.8</rng.antrun.version> Managed in > > org.apache:apache parent as 3.1.0 > > <rng.surefire.version>3.0.0-M5</rng.surefire.version> 3.0.0-M7 > > <rng.junit5.version>5.7.2</rng.junit5.version> 5.9.0 > > > > I propose to update to CP 54 and then drop this version management. > > The more is managed globally the better. However, I never understood > the rationale for an upgrade (to "shared" files) that is known to break > one or more components... > It is impossible to tell if it will break something until the upgrade is performed. So managing the latest version in commons parent using dependabot will not find build errors, only update to what the plugin developer believes is the best version. Perhaps what is really needed here is dependabot to build selected derived projects as part of the version update process of a parent POM. Commons lang overrides a lot of the commons parent properties for the validation plugins. These seem to be replicas of the same version. However it does mean dependabot will open PRs and the build is tested before versions are updated in the project. Since dependabot is not used (by consensus) on RNG then this is not an option. I think I will just try to update to CP 54 and then serially drop each managed dependency, resolving any issues along the way. My aim is to simplify the RNG pom and then do the same for others with the same structure (Statistics, Numbers, Math, Geometry). Each of the other components have versions for these plugins that have drifted apart over time. Ideally all the builds should work with the same versions, and ideally the latest ones as maintained in CP. Since these are build dependencies then the maintenance benefit of a common management of versions should outweigh any upgrade issues between CP versions. Alex