Denis, > I would respond why do we need to update? Some bug, new capabilities, > security breach? Alexey K., please shed some light on this.
There is no special purpose, I just accidentally found that we are using very old dependency. It is common practice (especially in web development (as example)) update dependencies from time to time. I think if users will use in their projects commons-codec + ignite it may lead to jar conflicts at some point (user will use latest common-codecs and in ignite we use old one). Make sense? On Thu, Aug 17, 2017 at 7:29 AM, Dmitriy Setrakyan <dsetrak...@apache.org> wrote: > On Wed, Aug 16, 2017 at 5:26 PM, Denis Magda <dma...@apache.org> wrote: > > > I would respond why do we need to update? Some bug, new capabilities, > > security breach? Alexey K., please shed some light on this. > > > > Actually, now that I think of it, why do we even have that dependency? But > if you do, and upgrading does not introduce any bugs, I would upgrade, so > we do not create version conflicts on user side. > > > > > > — > > Denis > > > > > On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <dsetrak...@apache.org> > > wrote: > > > > > > On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <dma...@apache.org> > wrote: > > > > > >> Honestly, I wouldn’t touch a dependency if it works like a charm and > > >> nobody requested us to migrate to a new version. > > >> > > >> Why do you need to update Apache Common coded? > > >> > > > > > > Not sure I agree. Why not update it? > > > > > > > > >> > > >> > > >> — > > >> Denis > > >> > > >>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov < > akuznet...@apache.org> > > >> wrote: > > >>> > > >>> Done > > >>> > > >>> https://issues.apache.org/jira/browse/IGNITE-6090 > > >>> > > >>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > > >> dsetrak...@apache.org> > > >>> wrote: > > >>> > > >>>> The answer is Yes, we should update. Jira ticket assigned to the > next > > >>>> release should be enough in my view. > > >>>> > > >>>> D. > > >>>> > > >>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > > >> akuznet...@apache.org> > > >>>> wrote: > > >>>> > > >>>>> Hi, All! > > >>>>> > > >>>>> Do we have any policy for updating third-party dependencies? > > >>>>> > > >>>>> For example, I found that we are using very old Apache Common > codec > > >>>> v.1.6 > > >>>>> (released in 2011) > > >>>>> And latest is Apache Common codec v.1.10 > > >>>>> > > >>>>> Do we need to update to new versions from time to time? > > >>>>> And how? > > >>>>> > > >>>>> Just create JIRA issue, update pom.xml and run all tests on TC - > will > > >> be > > >>>>> enough? > > >>>>> > > >>>>> -- > > >>>>> Alexey Kuznetsov > > >>>>> > > >>>> > > >>> > > >>> > > >>> > > >>> -- > > >>> Alexey Kuznetsov > > >> > > >> > > > > > -- Alexey Kuznetsov
