Update r2dbc dependencies #60
Conversation
|
Could you provide some of the context? Generally, for 1.0.0 releases, we only upgrade if there are CVEs to worry about. |
So basically I was trying to add sbt-license-report which led me down to a massive rabbit hole, the tl;dr is that I can still add sbt-license-report but in doing so I have to use this workaround in // This is here because sbt's ivy resolver doesn't properly support packaging.type when
// resolving via sbt-license-report, see https://github.com/sbt/sbt/issues/3618
val r2dbcPostgres = Seq(
("org.postgresql" % "r2dbc-postgresql" % "0.9.1.RELEASE").excludeAll(
"io.netty.incubator", "netty-incubator-codec-native-quic"),
("io.netty.incubator" % "netty-incubator-codec-native-quic" % "0.0.26.Final")
.artifacts(Artifact("netty-incubator-codec-native-quic",
url("https://repo1.maven.org/maven2/io/netty/incubator/netty-incubator-codec-native-quic/0.0.26.Final/netty-incubator-codec-native-quic-0.0.26.Final.test"))))The workaround has zero impact on the binary/dependency resolution, but as you can see its somewhat hacky because i have to override the artifact with a manual URI. Given that the URI is tied to a specific version of Hence why I just want to update to the latest bincompat version since that reduces the risk of someone updating the dependencies and doing it incorrectly (i.e. possibly scala-steward in the future) to mitigate this risk. See sbt/sbt-license-report#87 and sbt/sbt-license-report#86 for additional context |
The context for this is an upcoming PR to add license-report and updating these dependencies will make things slightly easier in the long run.
The dependencies being updated are bincompat so there shouldn't be any issues