-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Releases v0.14.4 and v0.14.5 #279
Comments
Dear maintainers, any updates? 😄 |
I just put up two PRs to upgrade the circe versions. Hopefully the maintainers will accept the PRs and release new versions of circe-generic-extras |
We've added a table to the readme to help with this confusion, please reference this link https://github.com/circe/circe-generic-extras/blob/main/README.md#versioning |
I don't this this issues should be closed. I understand the versioning of circe-generic-extras is not intended to match the circe versions. That is fine. However it is important to update the circe versions in this library when new version of circe are released. For organizations with strict building turned on, circe cannot be upgraded to the latest version (0.14.6) because we also need circe-generic-extras which is still using circe 0.14.3. My organization is trying to resolve a critical CVE vulnerability, but that requires upgrading circe, but we can't because circe-generic-extras hasn't released a version with circe 0.14.6. As a result our strict builds fail. Two PRs have been put up that would solve this issue. I put up one and ScalaSteward put up one. #312 I am not trying to force maintainers to keep the version of circe-generic-extras synced with circe. But I would like to emphasized the importance of releasing circe-generic-extras with updated versions of circe dependancies when they become available. |
@awilliamsOM1 Are you saying that your builds disallow any evictions? Because that seems unreasonable in an open source ecosystem. If we are forced to release all 20 other circe projects every time core is released that would be very time consuming, we might as well have a mono-repo of all projects... and that's just not tenable. Every time a new cats version patch version is released, do you expect every downstream project to release a new version? The entire reason we use projects like mima and version-scheme-enforcer is to ensure that patch releases and minor releases are binary compatible with each other... and if you are still worried about binary compatibility projects sbt-missingln exist to solve that problem. |
Apparently, this library is lagging behind circe (and also circe-generic)... which means that for the sake of Scala Steward, we need to split the versions b/w this library and circe. Is it intentional? 🤔
The text was updated successfully, but these errors were encountered: