On 12/11/2020 23:56, Aaron Coburn wrote:
Thanks, that was a bit of work from a question about just one dependency,
:-)
BTW was there a particular fix in HttpClient 4.5.13 that you wanted?
Elsewhere [*], I have been through all the HTTP APIs in Jena, which have
lots of history, restructured them to update the style (e.g.
QueryExecutionHttp.Builder)
It's java11 use java.net.http which I found to be easy to use. It has
async support and internally it is truly async I/O inside.
Andy
[*] https://github.com/afs/jena-http
but hopefully this will make maintenance quite a lot easier going forward.
Aaron
On Thu, Nov 12, 2020, 12:54 Andy Seaborne <[email protected]> wrote:
OK - I think it is tamed for now!
A lot of updates, nothing serious showing up. The build became unstable
due to trying to do too much in one go but should now be green - it is
at TravisCI.
Andy
== Process
dependabot is administered by the file
<root>/.github/dependabot.yml
Currently, set to run monthly.
There is no other setting for on/off; if it is there, dependabot runs
This is not all good; it runs for clones of the repo but they don't any
tidy and suppression of unwanted updates.
The "schedule" is required otherwise it could be manual and run from GH
UI via "Insights" -> "Dependency Graph" -> "Dependabot".
== This cycle
There are a couple for major upgrades highlighted:
* Lucene 7 -> 8
* org.osgi.core 5.0.0 -> 6.0.0
(nothing done about them)
Too near to a release for org.osgi.core and Lucene 7->8 is a major
decision and there is no rush that I'm aware of.
* jena-elephas : Uses hadoop 2, guava 11 - I hope I've told the
dependabot to ignore these.
It's the Guava bit that I'm unsure about as we have two different
dependencies.
== Things that broke:
GeoSPARQL
SIS 0.8 -> 1.0 : test failure
(left at 0.8, JENA-1996)
jena-sdb : hsql v2
Left at v1
== Notes
1/
Derby 10.15.x.y requires java9, so updated only as far as 10.14.x.y and
then dependabot asked to ignore the minor version.
(used for testing by jena-sdb by jena-geosparql)
2/
The updated shade plugin has some new warnings about overlapping files.
It looks safe, needs checking (and maybe there are shading transformers
to merge the files).
== Updates done
HttpClient to 4.5.13
commons-lang3 from 3.10 to 3.11
guava 29-jre to 30-jre (shaded)
spatial4j from 0.6 to 0.7
airline.version from 2.1.1 to 2.8.0
jts-core from 1.16.1 to 1.17.1
shiro from 1.5.1 to 1.7.0
jackson from 2.10.1 to 2.11.3
commons-codec 1.14 to 1.15
commons-io from 2.6 to 2.8.0
micrometer from 1.5.5 to 1.6.1
jcommander from 1.72 to 1.78
and plugins.
Andy
