Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Releases v0.14.4 and v0.14.5 #279

Closed
PawelLipski opened this issue Apr 8, 2023 · 5 comments
Closed

Releases v0.14.4 and v0.14.5 #279

PawelLipski opened this issue Apr 8, 2023 · 5 comments

Comments

@PawelLipski
Copy link

Apparently, this library is lagging behind circe (and also circe-generic)... which means that for the sake of Scala Steward, we need to split the versions b/w this library and circe. Is it intentional? 🤔
@ComFreek
Copy link

ComFreek commented Jul 29, 2023
edited
Loading

Dear maintainers, any updates? 😄

This was referenced Aug 16, 2023
Closed
Closed
@awilliamsOM1
Copy link

I just put up two PRs to upgrade the circe versions. Hopefully the maintainers will accept the PRs and release new versions of circe-generic-extras

@zarthross
Copy link
Member

We've added a table to the readme to help with this confusion, please reference this link https://github.com/circe/circe-generic-extras/blob/main/README.md#versioning

@awilliamsOM1
Copy link

awilliamsOM1 commented Nov 7, 2023
edited
Loading

I don't this this issues should be closed. I understand the versioning of circe-generic-extras is not intended to match the circe versions. That is fine. However it is important to update the circe versions in this library when new version of circe are released. For organizations with strict building turned on, circe cannot be upgraded to the latest version (0.14.6) because we also need circe-generic-extras which is still using circe 0.14.3.

My organization is trying to resolve a critical CVE vulnerability, but that requires upgrading circe, but we can't because circe-generic-extras hasn't released a version with circe 0.14.6. As a result our strict builds fail.

Two PRs have been put up that would solve this issue. I put up one and ScalaSteward put up one. #312

I am not trying to force maintainers to keep the version of circe-generic-extras synced with circe. But I would like to emphasized the importance of releasing circe-generic-extras with updated versions of circe dependancies when they become available.

@zarthross
Copy link
Member

@awilliamsOM1 Are you saying that your builds disallow any evictions? Because that seems unreasonable in an open source ecosystem. If we are forced to release all 20 other circe projects every time core is released that would be very time consuming, we might as well have a mono-repo of all projects... and that's just not tenable.

Every time a new cats version patch version is released, do you expect every downstream project to release a new version? The entire reason we use projects like mima and version-scheme-enforcer is to ensure that patch releases and minor releases are binary compatible with each other... and if you are still worried about binary compatibility projects sbt-missingln exist to solve that problem.

@zarthross zarthross mentioned this issue Nov 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zarthross @ComFreek @PawelLipski @awilliamsOM1