[GitHub] [guacamole-client] mike-jumper commented on a diff in pull request #772: GUACAMOLE-1594: (Re-)Update Java dependencies to latest compatible versions.

[GitBox <gi...@apache.org>]

mike-jumper commented on code in PR #772:
URL: https://github.com/apache/guacamole-client/pull/772#discussion_r1018485795


##########
extensions/guacamole-auth-ldap/pom.xml:
##########
@@ -72,6 +78,14 @@
             <version>3.12.0</version>
         </dependency>
 
+        <!-- Force latest version of commons-text (transitive dependency from

Review Comment:
   > What happens if a new version is released?
   
   Whenever dependencies are updated, we have to revisit whether any of the exclusions and corresponding overrides are still necessary. All that is always a manual process. No dependency will be updating itself without someone going into the `pom.xml` and intentionally updating it.
   
   > ... will we then have multiple different versions of commons-text floating around at the same time?
   
   No - the override here ensures the version included is only that version. If we somehow did inadvertently include multiple versions of a dependency, we have build-time sanity checks that would fail.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org