Dear James, On Thu, Jun 10, 2021 at 10:34 AM jn...@cloudbees.com <jn...@cloudbees.com> wrote: > > Thus care needs to be taken before any library is updated
Of course. Yet such care was not taken when JNR was updated in December 2020. That is why nobody noticed that the JNR update also pulled in a new ASM update, and that is why Token Macro broke. We might not be happy about this, but it is too late to go back in time. My response to this event was to make core's (de facto) exposure of ASM explicit. I believe this will help core maintainers be more aware of these changes in the future and avoid this type of mistake going forward. I note that your last message did not contain any specific concrete action items and did not address my final paragraph. Absent us drawing any conclusions about what I wrote about in my final paragraph, my recommendation remains that plugins consistently follow the current status quo of either excluding or masking Guava/ASM, which works well enough (but not without the caveats you mentioned). I have provided an example of how to do this for Subversion in the comments to jenkinsci/subversion-plugin#254. If there are any additional concrete action items that I can help with in the short term, please let me know. Thanks, Basil -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjpfwteY9f_zBVtP_L3Sae7T%3Dz7XscnYLOCZxk5Kf0M5FA%40mail.gmail.com.
