The report is useful for awareness, the issue is that we cannot
systematically update these dependencies so this diminishes the value of
the report.
I don't know if we can eventually filter some things of the report or
better to create a section for 'sensitive' dependencies that we cannot
update
I think at a minimum it shouldn't recommend major version upgrades. Almost
all projects do breaking changes there. And really a ton of projects break
things at minor versions too.
I don't have too strong an opinion. I very rarely read the report. Just
wanted to tie this together with the
Sorry, I missed Ismael's comment, but - I'd like to understand how this
report falls short. Does it flag certain dependency versions as old even
though they're still the 'de-facto' standard version?
Does it make sense to exclude dependencies that we are aware of (e.g. Avro
/ Spark / idk) while
Ismaël pointed out that the dependency upgrades recommended by this bot are
often not a good idea. Should we disable it?
Kenn
On Mon, Nov 2, 2020 at 4:31 AM Apache Jenkins Server <
jenk...@builds.apache.org> wrote:
> High Priority Dependency Updates Of Beam Python SDK:
> *Dependency Name*
High Priority Dependency Updates Of Beam Python SDK:
Dependency Name
Current Version
Latest Version
Release Date Of the Current Used Version
Release Date Of The Latest Release
JIRA Issue
chromedriver-binary
86.0.4240.22.0