[
https://issues.apache.org/jira/browse/FINERACT-805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Vorburger updated FINERACT-805:
---------------------------------------
Description:
This came up during (the review of) FINERACT-797:
[The Spring Boot
BOM|https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-dependencies/pom.xml]
provides "curated" version numbers for many more 3rd party dependencies that
the initial [PR #662|https://github.com/apache/fineract/pull/662/] for
FINERACT-797 uses.
The following 3rd-party libraries' fixed version numbers in build.gradle could
probably also be dropped, and replaced with a version given by the Spring BOM,
as these appear in the Spring Boot BOM (not everything does, but these do;
bonus points for finding more):
* GSON
* Joda Time
* junit:junit (but not junit-dep; what is that, could it be dropped?)
* commons-lang3
* org.apache.httpcomponents:httpclient
* org.apache.activemq:activemq-broker
* javax.validation:validation-api
* Quartz Scheduler
* ehcache
* json-path (FINERACT-964)
* Flyway (FINERACT-810)
* OkHttp (major version change; we have dedicated FINERACT-804 re. this)
* rest-assured (major version change from v2 to v3; possibly more invasive)
* org.apache.tomcat & org.apache.tomcat.embed (NB Spring BOM's 9.0.27 vs. our
7.0.94)
It's surely best to raise small PRs for each one of these, instead of one big
one for everything together.
was:
This came up during (the review of) FINERACT-797:
[The Spring Boot
BOM|https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-dependencies/pom.xml]
provides "curated" version numbers for many more 3rd party dependencies that
the initial [PR #662|https://github.com/apache/fineract/pull/662/] for
FINERACT-797 uses.
The following 3rd-party libraries' fixed version numbers in build.gradle could
probably also be dropped, and replaced with a version given by the Spring BOM,
as these appear in the Spring Boot BOM (not everything does, but these do;
bonus points for finding more):
* GSON
* Joda Time
* junit:junit (but not junit-dep; what is that, could it be dropped?)
* commons-lang3
* org.apache.httpcomponents:httpclient
* org.apache.activemq:activemq-broker
* javax.validation:validation-api
* Quartz Scheduler
* ehcache
* json-path
* Flyway
* OkHttp (major version change; we have dedicated FINERACT-804 re. this)
* rest-assured (major version change from v2 to v3; possibly more invasive)
* org.apache.tomcat & org.apache.tomcat.embed (NB Spring BOM's 9.0.27 vs. our
7.0.94)
It's surely best to raise small PRs for each one of these, instead of one big
one for everything together.
> Drop more fixed version numbers in build.gradle by replacing them with Spring
> BOM version
> -----------------------------------------------------------------------------------------
>
> Key: FINERACT-805
> URL: https://issues.apache.org/jira/browse/FINERACT-805
> Project: Apache Fineract
> Issue Type: Improvement
> Reporter: Michael Vorburger
> Priority: Major
> Labels: technical
> Fix For: 1.4.0
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> This came up during (the review of) FINERACT-797:
> [The Spring Boot
> BOM|https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-dependencies/pom.xml]
> provides "curated" version numbers for many more 3rd party dependencies that
> the initial [PR #662|https://github.com/apache/fineract/pull/662/] for
> FINERACT-797 uses.
> The following 3rd-party libraries' fixed version numbers in build.gradle
> could probably also be dropped, and replaced with a version given by the
> Spring BOM, as these appear in the Spring Boot BOM (not everything does, but
> these do; bonus points for finding more):
> * GSON
> * Joda Time
> * junit:junit (but not junit-dep; what is that, could it be dropped?)
> * commons-lang3
> * org.apache.httpcomponents:httpclient
> * org.apache.activemq:activemq-broker
> * javax.validation:validation-api
> * Quartz Scheduler
> * ehcache
> * json-path (FINERACT-964)
> * Flyway (FINERACT-810)
> * OkHttp (major version change; we have dedicated FINERACT-804 re. this)
> * rest-assured (major version change from v2 to v3; possibly more invasive)
> * org.apache.tomcat & org.apache.tomcat.embed (NB Spring BOM's 9.0.27 vs.
> our 7.0.94)
> It's surely best to raise small PRs for each one of these, instead of one big
> one for everything together.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
