[jira] [Commented] (FINERACT-805) Drop more fixed version numbers in build.gradle by replacing them with Spring BOM version

[Michael Vorburger (Jira)]

    [ 
https://issues.apache.org/jira/browse/FINERACT-805?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17098197#comment-17098197
 ] 

Michael Vorburger commented on FINERACT-805:
--------------------------------------------

My list above is wrong.. many of those are marked with version {{:+}} in 
build.gradle, which seems to mean "latest available version available in Spring 
BOM" - is that correct, [~xurror]? I've attempted to remove the lines with + 
and noticed that causes some dependencies to fall back to older versions. (I 
couldn't easily find clear doc about it.)

The goal of this issue shouldn't be to remove those lines with + but instead to 
make more of the lines with the fixed version have a + so that they move along 
with updates from the Spring BOM, whenever we bump that...

> Drop more fixed version numbers in build.gradle by replacing them with Spring 
> BOM version
> -----------------------------------------------------------------------------------------
>
>                 Key: FINERACT-805
>                 URL: https://issues.apache.org/jira/browse/FINERACT-805
>             Project: Apache Fineract
>          Issue Type: Improvement
>            Reporter: Michael Vorburger
>            Priority: Major
>              Labels: technical
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> This came up during (the review of) FINERACT-797:
> [The Spring Boot 
> BOM|https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-dependencies/pom.xml]
>  provides "curated" version numbers for many more 3rd party dependencies that 
> the initial [PR #662|https://github.com/apache/fineract/pull/662/] for 
> FINERACT-797 uses.
> The following 3rd-party libraries' fixed version numbers in build.gradle 
> could probably also be dropped, and replaced with a version given by the 
> Spring BOM, as these appear in the Spring Boot BOM (not everything does, but 
> these do; bonus points for finding more):
>  * GSON
>  * Joda Time
>  * junit:junit (but not junit-dep; what is that, could it be dropped?)
>  * commons-lang3
>  * org.apache.httpcomponents:httpclient
>  * org.apache.activemq:activemq-broker
>  * javax.validation:validation-api
>  * Quartz Scheduler
>  * ehcache
>  * json-path
>  * Flyway
>  * OkHttp (major version change; we have dedicated FINERACT-804 re. this)
>  * rest-assured (major version change from v2 to v3; possibly more invasive)
>  * org.apache.tomcat & org.apache.tomcat.embed (NB Spring BOM's 9.0.27 vs. 
> our 7.0.94)
> It's surely best to raise small PRs for each one of these, instead of one big 
> one for everything together.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)