You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm looking into using Quarkus (w/ Gradle) for a greenfield-ish project and have a question about managing library versions across the project "by Quarkus".
Just as a concrete example, I notice that Quarkus extensions automatically bring in specific library versions. For example, io.quarkus:quarkus-rest-jackson (at 3.19.1 right now) pulls in com.fasterxml.jackson.core:jackson-databind at version 2.18.2, while the latest version on Maven Central is 2.18.3.
Some questions about the recommended approach for library versioning in Quarkus projects:
What is the recommended way to use newer versions of libraries than those pulled in by Quarkus extensions? While explicit declaration works (e.g., implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.3'), are there better practices for ensuring compatibility, especially for cases where a "family" of such dependencies gets pulled in (com.fasterxml.jackson.datatype:jackson-datatype-jdk8 and com.fasterxml.jackson.module:jackson-module-parameter-names for instance) ?
How are library versions managed across the Quarkus ecosystem? Is updating the quarkusPlatformVersion the expected way to receive library updates?
Are there general guidelines for determining when it's safe to override a library version versus accepting the version bundled with an extension?
How does the Quarkus team approach compatibility testing for libraries that extensions depend on?
I'm particularly interested in understanding the balance between staying current with security patches and maintaining compatibility with the Quarkus framework.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello Quarkus team,
I'm looking into using Quarkus (w/ Gradle) for a greenfield-ish project and have a question about managing library versions across the project "by Quarkus".
Just as a concrete example, I notice that Quarkus extensions automatically bring in specific library versions. For example,
io.quarkus:quarkus-rest-jackson(at3.19.1right now) pulls incom.fasterxml.jackson.core:jackson-databindat version2.18.2, while the latest version on Maven Central is2.18.3.Some questions about the recommended approach for library versioning in Quarkus projects:
implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.3'), are there better practices for ensuring compatibility, especially for cases where a "family" of such dependencies gets pulled in (com.fasterxml.jackson.datatype:jackson-datatype-jdk8andcom.fasterxml.jackson.module:jackson-module-parameter-namesfor instance) ?quarkusPlatformVersionthe expected way to receive library updates?I'm particularly interested in understanding the balance between staying current with security patches and maintaining compatibility with the Quarkus framework.
Thank you for any insights you can provide.
Beta Was this translation helpful? Give feedback.
All reactions