geode-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Schuchardt <>
Subject Re: [DISCUSS] Dependency update process (split from vote)
Date Thu, 05 Apr 2018 18:16:40 GMT
The jgroups dependency must be manually changed and cannot, at this 
point, be updated.

On 4/5/18 10:35 AM, Alexander Murmann wrote:
> Splitting this from the vote thread.
> Pulkit had suggested the possibility to try updating dependencies as part
> of a regularly run job. That is very similar to the process proposed by
> Netflix's dependency lock plugin
> <>
> .
> I see lots of value in a dependency management tool that captures and uses
> more information than we currently have. I'd like to see the following
> information captured:
>     1. What is a known good set of dependencies?
>     2. Which dependencies cannot be updated safely?
> We currently have 1. in the versions properties but not 2. Having both
> pieces of information would allow for a process that updates all
> dependencies that are not known to need manual changes in order to update,
> runs tests and if successful locks down dependencies so that I can easily
> answer 1. with latest versions.
> This would cut down on manual effort and get us newer versions and their
> security patches for practically free for many libraries.
> There are of course lots of details that would need to be figured out.
> Thoughts?

View raw message