lahodaj commented on code in PR #7001: URL: https://github.com/apache/netbeans/pull/7001#discussion_r1467637319
########## java/maven.embedder/external/binaries-list: ########## @@ -17,3 +17,4 @@ DC15DFF8F701B227EE523EEB7A17F77C10EAFE2F org.jdom:jdom2:2.0.6.1 5D9CE6ADD7B714B8095F0E3E396C5E9F8C5DCFEF org.apache.maven.shared:maven-dependency-tree:2.2 FC5C01A07E4A2DDF84AF0DFADF382E6F7993462D org.apache.maven:apache-maven:3.9.6:bin@zip +C4A06A64E650562F30B7BF9AAEC1BFED43ACA12B com.google.guava:failureaccess:1.0.2 Review Comment: Purely regarding "Looking at the pom, guava 32.1.2 was tested and released with failureaccess 1.0.1." - the OSGi metadata allow `[1.0,2)`, i.e. `1.0.2` is OK. And there are no real differences between 1.0.1 and 1.0.2, except for the Automatic-Module-Name to the best of my knowledge. I agree that we'll upgrade the whole Guava at some point, although that may be a tiny bit more difficult (or not - but at least the license must be re-checked thoroughly). But until Maven is solved, this is a bit unimportant for my purpose - we would still have the failureaccess 1.0.1, and it does not really matter it is part of "Maven". (It may still be fine for other purposes, of course.) That said - I opened this mostly because I didn't want this to just be buried in some external patch queue (out of which it would be effectively impossible to adopt), setting up an unfortunate precedent along the way. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
