various dependency updates for master #863
Conversation
|
It fails on Log4j as here #836 |
|
Okay, there seems to be some minor problem with error_prone_annotations. I'll try to solve it. Warning: Error: Rule 0: org.apache.maven.plugins.enforcer.DependencyConvergence failed with message: |
|
Unfortunately, error_prone_annotations > 2.10.0 depends on Java 11 – so an upgrade is not an option for now. I'll downgrade log4j2 to 2.21.1. |
sepe81
force-pushed
the
feature/dependency-updates
branch
from
67a6b1f to
fd2cf91
Compare
|
I created ticket WW-5384 to address Log4j in S7 |
|
@lukaszlenart ready to merge or do you see any further issue? I would like to cherry pick this to v7 afterwards and add a commit for WW-5384 |
|
I wonder if we shouldn't create JIRA tickets to let users know what was upgraded in scope of this PR |
|
@lukaszlenart What kind of detail level do you prefer for such a ticket? There are many Dependabot updates nowadays without an accompanying ticket. That's why I'm somewhat puzzled about how we want to handle this consistently? |
|
I just create a simple Dependency task in JIRA with a title explaining what is going to be upgraded like here WW-5347. Yet I wonder if need to report any patch version upgrade, if all the tests passed everything should be fine. Let me ask this on the Dev group. |
|
Ok, looks like my idea with merging patch versions without a JIRA ticket is ok. Could you create a ticket to cover upgrade of Log4j from 2.20.0 to 2.21.1? This is the only major/minor upgrade in this PR. Thanks in advance! |
No description provided.