Policy for update third-party dependencies
Locked
Policy for update third-party dependencies
 
|
Hi, All!
Do we have any policy for updating third-party dependencies? For example, I found that we are using very old Apache Common codec v.1.6 (released in 2011) And latest is Apache Common codec v.1.10 Do we need to update to new versions from time to time? And how? Just create JIRA issue, update pom.xml and run all tests on TC - will be enough? -- Alexey Kuznetsov |
Re: Policy for update third-party dependencies
|
The answer is Yes, we should update. Jira ticket assigned to the next
release should be enough in my view. D. On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov <[hidden email]> wrote: > Hi, All! > > Do we have any policy for updating third-party dependencies? > > For example, I found that we are using very old Apache Common codec v.1.6 > (released in 2011) > And latest is Apache Common codec v.1.10 > > Do we need to update to new versions from time to time? > And how? > > Just create JIRA issue, update pom.xml and run all tests on TC - will be > enough? > > -- > Alexey Kuznetsov > |
Re: Policy for update third-party dependencies
|
|
Done
https://issues.apache.org/jira/browse/IGNITE-6090 On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan <[hidden email]> wrote: > The answer is Yes, we should update. Jira ticket assigned to the next > release should be enough in my view. > > D. > > On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov <[hidden email]> > wrote: > > > Hi, All! > > > > Do we have any policy for updating third-party dependencies? > > > > For example, I found that we are using very old Apache Common codec > v.1.6 > > (released in 2011) > > And latest is Apache Common codec v.1.10 > > > > Do we need to update to new versions from time to time? > > And how? > > > > Just create JIRA issue, update pom.xml and run all tests on TC - will be > > enough? > > > > -- > > Alexey Kuznetsov > > > -- Alexey Kuznetsov |
|
|
Honestly, I wouldn’t touch a dependency if it works like a charm and nobody requested us to migrate to a new version.
Why do you need to update Apache Common coded? — Denis > On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <[hidden email]> wrote: > > Done > > https://issues.apache.org/jira/browse/IGNITE-6090 > > On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan <[hidden email]> > wrote: > >> The answer is Yes, we should update. Jira ticket assigned to the next >> release should be enough in my view. >> >> D. >> >> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov <[hidden email]> >> wrote: >> >>> Hi, All! >>> >>> Do we have any policy for updating third-party dependencies? >>> >>> For example, I found that we are using very old Apache Common codec >> v.1.6 >>> (released in 2011) >>> And latest is Apache Common codec v.1.10 >>> >>> Do we need to update to new versions from time to time? >>> And how? >>> >>> Just create JIRA issue, update pom.xml and run all tests on TC - will be >>> enough? >>> >>> -- >>> Alexey Kuznetsov >>> >> > > > > -- > Alexey Kuznetsov |
Re: Policy for update third-party dependencies
|
|
On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> wrote:
> Honestly, I wouldn’t touch a dependency if it works like a charm and > nobody requested us to migrate to a new version. > > Why do you need to update Apache Common coded? > Not sure I agree. Why not update it? > > > — > Denis > > > On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <[hidden email]> > wrote: > > > > Done > > > > https://issues.apache.org/jira/browse/IGNITE-6090 > > > > On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > [hidden email]> > > wrote: > > > >> The answer is Yes, we should update. Jira ticket assigned to the next > >> release should be enough in my view. > >> > >> D. > >> > >> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > [hidden email]> > >> wrote: > >> > >>> Hi, All! > >>> > >>> Do we have any policy for updating third-party dependencies? > >>> > >>> For example, I found that we are using very old Apache Common codec > >> v.1.6 > >>> (released in 2011) > >>> And latest is Apache Common codec v.1.10 > >>> > >>> Do we need to update to new versions from time to time? > >>> And how? > >>> > >>> Just create JIRA issue, update pom.xml and run all tests on TC - will > be > >>> enough? > >>> > >>> -- > >>> Alexey Kuznetsov > >>> > >> > > > > > > > > -- > > Alexey Kuznetsov > > |
|
|
I would respond why do we need to update? Some bug, new capabilities, security breach? Alexey K., please shed some light on this.
— Denis > On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <[hidden email]> wrote: > > On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> wrote: > >> Honestly, I wouldn’t touch a dependency if it works like a charm and >> nobody requested us to migrate to a new version. >> >> Why do you need to update Apache Common coded? >> > > Not sure I agree. Why not update it? > > >> >> >> — >> Denis >> >>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <[hidden email]> >> wrote: >>> >>> Done >>> >>> https://issues.apache.org/jira/browse/IGNITE-6090 >>> >>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < >> [hidden email]> >>> wrote: >>> >>>> The answer is Yes, we should update. Jira ticket assigned to the next >>>> release should be enough in my view. >>>> >>>> D. >>>> >>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < >> [hidden email]> >>>> wrote: >>>> >>>>> Hi, All! >>>>> >>>>> Do we have any policy for updating third-party dependencies? >>>>> >>>>> For example, I found that we are using very old Apache Common codec >>>> v.1.6 >>>>> (released in 2011) >>>>> And latest is Apache Common codec v.1.10 >>>>> >>>>> Do we need to update to new versions from time to time? >>>>> And how? >>>>> >>>>> Just create JIRA issue, update pom.xml and run all tests on TC - will >> be >>>>> enough? >>>>> >>>>> -- >>>>> Alexey Kuznetsov >>>>> >>>> >>> >>> >>> >>> -- >>> Alexey Kuznetsov >> >> |
Re: Policy for update third-party dependencies
|
|
On Wed, Aug 16, 2017 at 5:26 PM, Denis Magda <[hidden email]> wrote:
> I would respond why do we need to update? Some bug, new capabilities, > security breach? Alexey K., please shed some light on this. > Actually, now that I think of it, why do we even have that dependency? But if you do, and upgrading does not introduce any bugs, I would upgrade, so we do not create version conflicts on user side. > > — > Denis > > > On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <[hidden email]> > wrote: > > > > On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> wrote: > > > >> Honestly, I wouldn’t touch a dependency if it works like a charm and > >> nobody requested us to migrate to a new version. > >> > >> Why do you need to update Apache Common coded? > >> > > > > Not sure I agree. Why not update it? > > > > > >> > >> > >> — > >> Denis > >> > >>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <[hidden email]> > >> wrote: > >>> > >>> Done > >>> > >>> https://issues.apache.org/jira/browse/IGNITE-6090 > >>> > >>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > >> [hidden email]> > >>> wrote: > >>> > >>>> The answer is Yes, we should update. Jira ticket assigned to the next > >>>> release should be enough in my view. > >>>> > >>>> D. > >>>> > >>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > >> [hidden email]> > >>>> wrote: > >>>> > >>>>> Hi, All! > >>>>> > >>>>> Do we have any policy for updating third-party dependencies? > >>>>> > >>>>> For example, I found that we are using very old Apache Common codec > >>>> v.1.6 > >>>>> (released in 2011) > >>>>> And latest is Apache Common codec v.1.10 > >>>>> > >>>>> Do we need to update to new versions from time to time? > >>>>> And how? > >>>>> > >>>>> Just create JIRA issue, update pom.xml and run all tests on TC - will > >> be > >>>>> enough? > >>>>> > >>>>> -- > >>>>> Alexey Kuznetsov > >>>>> > >>>> > >>> > >>> > >>> > >>> -- > >>> Alexey Kuznetsov > >> > >> > > |
Re: Policy for update third-party dependencies
|
|
Denis,
> I would respond why do we need to update? Some bug, new capabilities, > security breach? Alexey K., please shed some light on this. There is no special purpose, I just accidentally found that we are using very old dependency. It is common practice (especially in web development (as example)) update dependencies from time to time. I think if users will use in their projects commons-codec + ignite it may lead to jar conflicts at some point (user will use latest common-codecs and in ignite we use old one). Make sense? On Thu, Aug 17, 2017 at 7:29 AM, Dmitriy Setrakyan <[hidden email]> wrote: > On Wed, Aug 16, 2017 at 5:26 PM, Denis Magda <[hidden email]> wrote: > > > I would respond why do we need to update? Some bug, new capabilities, > > security breach? Alexey K., please shed some light on this. > > > > Actually, now that I think of it, why do we even have that dependency? But > if you do, and upgrading does not introduce any bugs, I would upgrade, so > we do not create version conflicts on user side. > > > > > > — > > Denis > > > > > On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <[hidden email]> > > wrote: > > > > > > On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> > wrote: > > > > > >> Honestly, I wouldn’t touch a dependency if it works like a charm and > > >> nobody requested us to migrate to a new version. > > >> > > >> Why do you need to update Apache Common coded? > > >> > > > > > > Not sure I agree. Why not update it? > > > > > > > > >> > > >> > > >> — > > >> Denis > > >> > > >>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov < > [hidden email]> > > >> wrote: > > >>> > > >>> Done > > >>> > > >>> https://issues.apache.org/jira/browse/IGNITE-6090 > > >>> > > >>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > > >> [hidden email]> > > >>> wrote: > > >>> > > >>>> The answer is Yes, we should update. Jira ticket assigned to the > next > > >>>> release should be enough in my view. > > >>>> > > >>>> D. > > >>>> > > >>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > > >> [hidden email]> > > >>>> wrote: > > >>>> > > >>>>> Hi, All! > > >>>>> > > >>>>> Do we have any policy for updating third-party dependencies? > > >>>>> > > >>>>> For example, I found that we are using very old Apache Common > codec > > >>>> v.1.6 > > >>>>> (released in 2011) > > >>>>> And latest is Apache Common codec v.1.10 > > >>>>> > > >>>>> Do we need to update to new versions from time to time? > > >>>>> And how? > > >>>>> > > >>>>> Just create JIRA issue, update pom.xml and run all tests on TC - > will > > >> be > > >>>>> enough? > > >>>>> > > >>>>> -- > > >>>>> Alexey Kuznetsov > > >>>>> > > >>>> > > >>> > > >>> > > >>> > > >>> -- > > >>> Alexey Kuznetsov > > >> > > >> > > > > > -- Alexey Kuznetsov |
|
|
In reply to this post by dmagda
If the third party library is incompatible with the new version and the
old version (such as lucene3.5.0-5.5.2), and the dependent version of Ignite is older, it may cause conflicts in the user's system. For such scenarios, I think that updating third-party dependencies's major version is valuable. 在 2017/8/17 上午8:26, Denis Magda 写道: > I would respond why do we need to update? Some bug, new capabilities, security breach? Alexey K., please shed some light on this. > > — > Denis > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <[hidden email]> wrote: >> >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> wrote: >> >>> Honestly, I wouldn’t touch a dependency if it works like a charm and >>> nobody requested us to migrate to a new version. >>> >>> Why do you need to update Apache Common coded? >>> >> Not sure I agree. Why not update it? >> >> >>> >>> — >>> Denis >>> >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <[hidden email]> >>> wrote: >>>> Done >>>> >>>> https://issues.apache.org/jira/browse/IGNITE-6090 >>>> >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < >>> [hidden email]> >>>> wrote: >>>> >>>>> The answer is Yes, we should update. Jira ticket assigned to the next >>>>> release should be enough in my view. >>>>> >>>>> D. >>>>> >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < >>> [hidden email]> >>>>> wrote: >>>>> >>>>>> Hi, All! >>>>>> >>>>>> Do we have any policy for updating third-party dependencies? >>>>>> >>>>>> For example, I found that we are using very old Apache Common codec >>>>> v.1.6 >>>>>> (released in 2011) >>>>>> And latest is Apache Common codec v.1.10 >>>>>> >>>>>> Do we need to update to new versions from time to time? >>>>>> And how? >>>>>> >>>>>> Just create JIRA issue, update pom.xml and run all tests on TC - will >>> be >>>>>> enough? >>>>>> >>>>>> -- >>>>>> Alexey Kuznetsov >>>>>> >>>> >>>> >>>> -- >>>> Alexey Kuznetsov >>> |
Re: Policy for update third-party dependencies
|
|
Guys,
Keep in mind that some projects can use *older* version of third-party libraries as well, and dependency upgrade can break them. In other words, dependency upgrade is in many cases an incompatible change for us, so we should do this with care. Unless there is a specific reason to upgrade a specific dependency, I think it's better to postpone it until major version. -Val On Sun, Aug 20, 2017 at 5:04 AM 李玉珏@163 <[hidden email]> wrote: > If the third party library is incompatible with the new version and the > old version (such as lucene3.5.0-5.5.2), and the dependent version of > Ignite is older, it may cause conflicts in the user's system. > For such scenarios, I think that updating third-party dependencies's > major version is valuable. > > > 在 2017/8/17 上午8:26, Denis Magda 写道: > > I would respond why do we need to update? Some bug, new capabilities, > security breach? Alexey K., please shed some light on this. > > > > — > > Denis > > > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <[hidden email]> > wrote: > >> > >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> wrote: > >> > >>> Honestly, I wouldn’t touch a dependency if it works like a charm and > >>> nobody requested us to migrate to a new version. > >>> > >>> Why do you need to update Apache Common coded? > >>> > >> Not sure I agree. Why not update it? > >> > >> > >>> > >>> — > >>> Denis > >>> > >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov <[hidden email] > > > >>> wrote: > >>>> Done > >>>> > >>>> https://issues.apache.org/jira/browse/IGNITE-6090 > >>>> > >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > >>> [hidden email]> > >>>> wrote: > >>>> > >>>>> The answer is Yes, we should update. Jira ticket assigned to the next > >>>>> release should be enough in my view. > >>>>> > >>>>> D. > >>>>> > >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > >>> [hidden email]> > >>>>> wrote: > >>>>> > >>>>>> Hi, All! > >>>>>> > >>>>>> Do we have any policy for updating third-party dependencies? > >>>>>> > >>>>>> For example, I found that we are using very old Apache Common codec > >>>>> v.1.6 > >>>>>> (released in 2011) > >>>>>> And latest is Apache Common codec v.1.10 > >>>>>> > >>>>>> Do we need to update to new versions from time to time? > >>>>>> And how? > >>>>>> > >>>>>> Just create JIRA issue, update pom.xml and run all tests on TC - > will > >>> be > >>>>>> enough? > >>>>>> > >>>>>> -- > >>>>>> Alexey Kuznetsov > >>>>>> > >>>> > >>>> > >>>> -- > >>>> Alexey Kuznetsov > >>> > > > |
|
|
If the dependency is not exposed by the public API then another alternative
is to simply shade the artifact and then this becomes a non-issue for users. Considering Ignite is a platform that executes user code via compute and service grid I personally think it would be good to minimize the number of dependencies that can potentially conflict with user code. -Nick On Sun, Aug 20, 2017, 11:51 AM Valentin Kulichenko < [hidden email]> wrote: > Guys, > > Keep in mind that some projects can use *older* version of third-party > libraries as well, and dependency upgrade can break them. In other words, > dependency upgrade is in many cases an incompatible change for us, so we > should do this with care. > > Unless there is a specific reason to upgrade a specific dependency, I think > it's better to postpone it until major version. > > -Val > > On Sun, Aug 20, 2017 at 5:04 AM 李玉珏@163 <[hidden email]> wrote: > > > If the third party library is incompatible with the new version and the > > old version (such as lucene3.5.0-5.5.2), and the dependent version of > > Ignite is older, it may cause conflicts in the user's system. > > For such scenarios, I think that updating third-party dependencies's > > major version is valuable. > > > > > > 在 2017/8/17 上午8:26, Denis Magda 写道: > > > I would respond why do we need to update? Some bug, new capabilities, > > security breach? Alexey K., please shed some light on this. > > > > > > — > > > Denis > > > > > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan <[hidden email] > > > > wrote: > > >> > > >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> > wrote: > > >> > > >>> Honestly, I wouldn’t touch a dependency if it works like a charm and > > >>> nobody requested us to migrate to a new version. > > >>> > > >>> Why do you need to update Apache Common coded? > > >>> > > >> Not sure I agree. Why not update it? > > >> > > >> > > >>> > > >>> — > > >>> Denis > > >>> > > >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov < > [hidden email] > > > > > >>> wrote: > > >>>> Done > > >>>> > > >>>> https://issues.apache.org/jira/browse/IGNITE-6090 > > >>>> > > >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > > >>> [hidden email]> > > >>>> wrote: > > >>>> > > >>>>> The answer is Yes, we should update. Jira ticket assigned to the > next > > >>>>> release should be enough in my view. > > >>>>> > > >>>>> D. > > >>>>> > > >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > > >>> [hidden email]> > > >>>>> wrote: > > >>>>> > > >>>>>> Hi, All! > > >>>>>> > > >>>>>> Do we have any policy for updating third-party dependencies? > > >>>>>> > > >>>>>> For example, I found that we are using very old Apache Common > codec > > >>>>> v.1.6 > > >>>>>> (released in 2011) > > >>>>>> And latest is Apache Common codec v.1.10 > > >>>>>> > > >>>>>> Do we need to update to new versions from time to time? > > >>>>>> And how? > > >>>>>> > > >>>>>> Just create JIRA issue, update pom.xml and run all tests on TC - > > will > > >>> be > > >>>>>> enough? > > >>>>>> > > >>>>>> -- > > >>>>>> Alexey Kuznetsov > > >>>>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Alexey Kuznetsov > > >>> > > > > > > > |
Re: Policy for update third-party dependencies
|
|
Hi Nick,
Do you suggest to build and deploy uber-jars that has no external dependencies? -Val On Sun, Aug 20, 2017 at 1:02 PM, Nick Pordash <[hidden email]> wrote: > If the dependency is not exposed by the public API then another alternative > is to simply shade the artifact and then this becomes a non-issue for > users. > > Considering Ignite is a platform that executes user code via compute and > service grid I personally think it would be good to minimize the number of > dependencies that can potentially conflict with user code. > > -Nick > > On Sun, Aug 20, 2017, 11:51 AM Valentin Kulichenko < > [hidden email]> wrote: > > > Guys, > > > > Keep in mind that some projects can use *older* version of third-party > > libraries as well, and dependency upgrade can break them. In other words, > > dependency upgrade is in many cases an incompatible change for us, so we > > should do this with care. > > > > Unless there is a specific reason to upgrade a specific dependency, I > think > > it's better to postpone it until major version. > > > > -Val > > > > On Sun, Aug 20, 2017 at 5:04 AM 李玉珏@163 <[hidden email]> wrote: > > > > > If the third party library is incompatible with the new version and the > > > old version (such as lucene3.5.0-5.5.2), and the dependent version of > > > Ignite is older, it may cause conflicts in the user's system. > > > For such scenarios, I think that updating third-party dependencies's > > > major version is valuable. > > > > > > > > > 在 2017/8/17 上午8:26, Denis Magda 写道: > > > > I would respond why do we need to update? Some bug, new capabilities, > > > security breach? Alexey K., please shed some light on this. > > > > > > > > — > > > > Denis > > > > > > > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan < > [hidden email] > > > > > > wrote: > > > >> > > > >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> > > wrote: > > > >> > > > >>> Honestly, I wouldn’t touch a dependency if it works like a charm > and > > > >>> nobody requested us to migrate to a new version. > > > >>> > > > >>> Why do you need to update Apache Common coded? > > > >>> > > > >> Not sure I agree. Why not update it? > > > >> > > > >> > > > >>> > > > >>> — > > > >>> Denis > > > >>> > > > >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov < > > [hidden email] > > > > > > > >>> wrote: > > > >>>> Done > > > >>>> > > > >>>> https://issues.apache.org/jira/browse/IGNITE-6090 > > > >>>> > > > >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > > > >>> [hidden email]> > > > >>>> wrote: > > > >>>> > > > >>>>> The answer is Yes, we should update. Jira ticket assigned to the > > next > > > >>>>> release should be enough in my view. > > > >>>>> > > > >>>>> D. > > > >>>>> > > > >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > > > >>> [hidden email]> > > > >>>>> wrote: > > > >>>>> > > > >>>>>> Hi, All! > > > >>>>>> > > > >>>>>> Do we have any policy for updating third-party dependencies? > > > >>>>>> > > > >>>>>> For example, I found that we are using very old Apache Common > > codec > > > >>>>> v.1.6 > > > >>>>>> (released in 2011) > > > >>>>>> And latest is Apache Common codec v.1.10 > > > >>>>>> > > > >>>>>> Do we need to update to new versions from time to time? > > > >>>>>> And how? > > > >>>>>> > > > >>>>>> Just create JIRA issue, update pom.xml and run all tests on TC - > > > will > > > >>> be > > > >>>>>> enough? > > > >>>>>> > > > >>>>>> -- > > > >>>>>> Alexey Kuznetsov > > > >>>>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Alexey Kuznetsov > > > >>> > > > > > > > > > > > > |
|
|
Hi Val,
Pretty much, with obvious exceptions being integration modules with other projects. If the dependency is well isolated, then shading could be beneficial. I've also had to do this for client libraries operating inside other frameworks (I've had to shade netty to avoid conflicting with user code). It's a good alternative since relying on things like OSGi isn't all that practical due to lack of widespread adoption. -Nick On Mon, Aug 21, 2017, 10:48 AM Valentin Kulichenko < [hidden email]> wrote: > Hi Nick, > > Do you suggest to build and deploy uber-jars that has no external > dependencies? > > -Val > > On Sun, Aug 20, 2017 at 1:02 PM, Nick Pordash <[hidden email]> > wrote: > > > If the dependency is not exposed by the public API then another > alternative > > is to simply shade the artifact and then this becomes a non-issue for > > users. > > > > Considering Ignite is a platform that executes user code via compute and > > service grid I personally think it would be good to minimize the number > of > > dependencies that can potentially conflict with user code. > > > > -Nick > > > > On Sun, Aug 20, 2017, 11:51 AM Valentin Kulichenko < > > [hidden email]> wrote: > > > > > Guys, > > > > > > Keep in mind that some projects can use *older* version of third-party > > > libraries as well, and dependency upgrade can break them. In other > words, > > > dependency upgrade is in many cases an incompatible change for us, so > we > > > should do this with care. > > > > > > Unless there is a specific reason to upgrade a specific dependency, I > > think > > > it's better to postpone it until major version. > > > > > > -Val > > > > > > On Sun, Aug 20, 2017 at 5:04 AM 李玉珏@163 <[hidden email]> wrote: > > > > > > > If the third party library is incompatible with the new version and > the > > > > old version (such as lucene3.5.0-5.5.2), and the dependent version of > > > > Ignite is older, it may cause conflicts in the user's system. > > > > For such scenarios, I think that updating third-party dependencies's > > > > major version is valuable. > > > > > > > > > > > > 在 2017/8/17 上午8:26, Denis Magda 写道: > > > > > I would respond why do we need to update? Some bug, new > capabilities, > > > > security breach? Alexey K., please shed some light on this. > > > > > > > > > > — > > > > > Denis > > > > > > > > > >> On Aug 16, 2017, at 5:12 PM, Dmitriy Setrakyan < > > [hidden email] > > > > > > > > wrote: > > > > >> > > > > >> On Wed, Aug 16, 2017 at 5:02 PM, Denis Magda <[hidden email]> > > > wrote: > > > > >> > > > > >>> Honestly, I wouldn’t touch a dependency if it works like a charm > > and > > > > >>> nobody requested us to migrate to a new version. > > > > >>> > > > > >>> Why do you need to update Apache Common coded? > > > > >>> > > > > >> Not sure I agree. Why not update it? > > > > >> > > > > >> > > > > >>> > > > > >>> — > > > > >>> Denis > > > > >>> > > > > >>>> On Aug 16, 2017, at 10:36 AM, Alexey Kuznetsov < > > > [hidden email] > > > > > > > > > >>> wrote: > > > > >>>> Done > > > > >>>> > > > > >>>> https://issues.apache.org/jira/browse/IGNITE-6090 > > > > >>>> > > > > >>>> On Wed, Aug 16, 2017 at 8:01 PM, Dmitriy Setrakyan < > > > > >>> [hidden email]> > > > > >>>> wrote: > > > > >>>> > > > > >>>>> The answer is Yes, we should update. Jira ticket assigned to > the > > > next > > > > >>>>> release should be enough in my view. > > > > >>>>> > > > > >>>>> D. > > > > >>>>> > > > > >>>>> On Wed, Aug 16, 2017 at 2:38 AM, Alexey Kuznetsov < > > > > >>> [hidden email]> > > > > >>>>> wrote: > > > > >>>>> > > > > >>>>>> Hi, All! > > > > >>>>>> > > > > >>>>>> Do we have any policy for updating third-party dependencies? > > > > >>>>>> > > > > >>>>>> For example, I found that we are using very old Apache Common > > > codec > > > > >>>>> v.1.6 > > > > >>>>>> (released in 2011) > > > > >>>>>> And latest is Apache Common codec v.1.10 > > > > >>>>>> > > > > >>>>>> Do we need to update to new versions from time to time? > > > > >>>>>> And how? > > > > >>>>>> > > > > >>>>>> Just create JIRA issue, update pom.xml and run all tests on > TC - > > > > will > > > > >>> be > > > > >>>>>> enough? > > > > >>>>>> > > > > >>>>>> -- > > > > >>>>>> Alexey Kuznetsov > > > > >>>>>> > > > > >>>> > > > > >>>> > > > > >>>> -- > > > > >>>> Alexey Kuznetsov > > > > >>> > > > > > > > > > > > > > > > > > > |
«
Return to Apache Ignite Developers - Legacy Mail Archive
|
1 view|%1 views
| Free forum by Nabble | Edit this page |