Hi, Thanks for taking care of Beam dependencies. The guava was tracked in BEAM-5559 <https://issues.apache.org/jira/browse/BEAM-5559>. It was filtered out by the tool because of the target version is x.y-jre.
On the other hand, I checked the logs of dependency job and found that the high priority dependencies are way less than normal. I think the gradle-versions-plugin sometimes couldn't get the versions which are defined in BeamModulePlugin.groovy. Need more investigations on the dependency management tool. Yifan On Mon, Nov 11, 2019 at 10:14 AM Tomo Suzuki <suzt...@google.com> wrote: > Hi Beam developers, > (I'm thinking to contribute to upgrades of Java dependencies of Beam; I > just read https://beam.apache.org/contribute/dependencies/) > > As per the weekly report, Apache Beam Java SDK only has 8 outdated > dependencies based on the criteria. However, it seems many others are not > up-to-date. For example Guava 20.0 used in Beam > <https://github.com/apache/beam/blob/d692d2f/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy#L375> > is not the latest major release. > > Why do some outdated dependencies not appear in this report? > > Regards, > Tomo > > On Mon, Nov 11, 2019 at 7:05 AM Apache Jenkins Server < > jenk...@builds.apache.org> wrote: > >> High Priority Dependency Updates Of Beam Python SDK: >> *Dependency Name* *Current Version* *Latest Version* *Release Date Of >> the Current Used Version* *Release Date Of The Latest Release* *JIRA >> Issue* >> mock <https://pypi.org/project/mock> 2.0.0 3.0.5 2019-05-20 2019-05-20 >> BEAM-7369 <https://issues.apache.org/jira/browse/BEAM-7369> >> oauth2client <https://pypi.org/project/oauth2client> 3.0.0 4.1.3 >> 2018-12-10 2018-12-10 BEAM-6089 >> <https://issues.apache.org/jira/browse/BEAM-6089> >> Sphinx <https://pypi.org/project/Sphinx> 1.8.5 2.2.1 2019-05-20 >> 2019-10-28 BEAM-7370 <https://issues.apache.org/jira/browse/BEAM-7370> High >> Priority Dependency Updates Of Beam Java SDK: >> *Dependency Name* *Current Version* *Latest Version* *Release Date Of >> the Current Used Version* *Release Date Of The Latest Release* *JIRA >> Issue* >> com.github.ben-manes.versions:com.github.ben-manes.versions.gradle.plugin >> <https://mvnrepository.com/artifact/com.github.ben-manes.versions/com.github.ben-manes.versions.gradle.plugin> >> 0.20.0 0.27.0 2019-02-11 2019-10-21 BEAM-6645 >> <https://issues.apache.org/jira/browse/BEAM-6645> >> com.github.spotbugs:spotbugs >> <https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs> 3.1.12 >> 4.0.0-beta4 2019-03-01 2019-09-18 BEAM-7792 >> <https://issues.apache.org/jira/browse/BEAM-7792> >> com.github.spotbugs:spotbugs-annotations >> <https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations> >> 3.1.12 4.0.0-beta4 2019-03-01 2019-09-18 BEAM-6951 >> <https://issues.apache.org/jira/browse/BEAM-6951> >> javax.servlet:javax.servlet-api >> <https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api> >> 3.1.0 4.0.1 2013-04-25 2018-04-20 BEAM-5750 >> <https://issues.apache.org/jira/browse/BEAM-5750> >> org.conscrypt:conscrypt-openjdk >> <https://mvnrepository.com/artifact/org.conscrypt/conscrypt-openjdk> >> 1.1.3 2.2.1 2018-06-04 2019-08-08 BEAM-5748 >> <https://issues.apache.org/jira/browse/BEAM-5748> >> org.eclipse.jetty:jetty-server >> <https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-server> >> 9.2.10.v20150310 10.0.0-alpha0 2015-03-10 2019-07-11 BEAM-5752 >> <https://issues.apache.org/jira/browse/BEAM-5752> >> org.eclipse.jetty:jetty-servlet >> <https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-servlet> >> 9.2.10.v20150310 10.0.0-alpha0 2015-03-10 2019-07-11 BEAM-5753 >> <https://issues.apache.org/jira/browse/BEAM-5753> >> Gradle: <https://mvnrepository.com/artifact/Gradle/> 5.2.1 6.0 2019-08-19 >> 2019-11-11 BEAM-8002 <https://issues.apache.org/jira/browse/BEAM-8002> A >> dependency update is high priority if it satisfies one of following >> criteria: >> >> - It has major versions update available, e.g. >> org.assertj:assertj-core 2.5.0 -> 3.10.0; >> >> >> - It is over 3 minor versions behind the latest version, e.g. >> org.tukaani:xz 1.5 -> 1.8; >> >> >> - The current version is behind the later version for over 180 days, >> e.g. com.google.auto.service:auto-service 2014-10-24 -> 2017-12-11. >> >> In Beam, we make a best-effort attempt at keeping all dependencies >> up-to-date. In the future, issues will be filed and tracked for these >> automatically, but in the meantime you can search for existing issues or >> open a new one. For more information: Beam Dependency Guide >> <https://beam.apache.org/contribute/dependencies/> >> > > > -- > Regards, > Tomo >
