[
https://issues.apache.org/jira/browse/AMQ-8513?focusedWorklogId=757807&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-757807
]
ASF GitHub Bot logged work on AMQ-8513:
---------------------------------------
Author: ASF GitHub Bot
Created on: 18/Apr/22 09:33
Start Date: 18/Apr/22 09:33
Worklog Time Spent: 10m
Work Description: gemmellr commented on code in PR #782:
URL: https://github.com/apache/activemq/pull/782#discussion_r852003344
##########
activemq-openwire-generator/pom.xml:
##########
@@ -44,9 +44,9 @@
<artifactId>annogen</artifactId>
</dependency>
<dependency>
- <groupId>ant</groupId>
+ <groupId>org.apache.ant</groupId>
<artifactId>ant</artifactId>
- <version>1.6.2</version>
+ <version>1.10.12</version>
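Review bot: the coordinate switch on the `<groupId>org.apache.ant</groupId>` line means Maven treats this as a different artifact from `ant:ant`, so version conflict resolution will not evict an `ant:ant` 1.6.x that some other dependency still pulls in transitively, and the old jar can remain on the classpath next to 1.10.12. It is worth running `mvn dependency:tree -Dincludes=ant:ant` across the build and adding exclusions wherever the old coordinate still appears. The literal `<version>1.10.12</version>` would also be easier to keep aligned if it were declared once in a shared dependencyManagement section or version property, assuming the build has one, rather than in this module's pom.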
Review Comment:
Yes they are transitive. No that doesn't make it OK. If the point is to
upgrade to get CVE fixes for example then they all need to be upgraded to
actually achieve that. You wouldn't leave an old log4j 2.13 dep in place for
example just because it's transitive. The build should generally align on 1
version unless there is good reason not to.
Issue Time Tracking
-------------------
Worklog Id: (was: 757807)
Time Spent: 1h 50m (was: 1h 40m)
> Upgrade to ant 1.10.12
> ----------------------
>
> Key: AMQ-8513
> URL: https://issues.apache.org/jira/browse/AMQ-8513
> Project: ActiveMQ
> Issue Type: Dependency upgrade
> Reporter: Jean-Baptiste Onofré
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 5.17.1, 5.16.5
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>