not sure to understand the problem of dependency update? nothing is urgent for updating a test dependency, security issue maybe but that's a test dependency so less important than a runtime one.
On Tue, 22 Jul 2025 at 04:22, Matthias Bünger <mbuen...@apache.org> wrote: > > It doesn't change the effort. It even adds one more project to update - > the one of the parent on top of the projects wher the partent needs to > get updated... > > Am 21.07.2025 um 19:47 schrieb Andy Law: > > As more of a wider question, why would this not be specified in the Parent > > POM if it were adopted as an “approved” dependency? > > > > Later, > > > > Andy > > > > From: Matthias Bünger <mbuen...@apache.org> > > Date: Monday, 21 July 2025 at 18:40 > > To: dev@maven.apache.org <dev@maven.apache.org> > > Subject: Re: The use of AssertJ assertions > > > > Hi all, > > > > while I really like the AssertJ assertions, e.g. for readibility and > > expandability (custom assertions), I'm slighty against using it in a big > > project like Maven (thinking of core, plugins, components) cause of the > > time it takes to keep the dependncy up to date - we have about 100 > > repositories! AssertJ is, like JUnit, a dependency which gets updates > > quite often. Appliying them (even with the help of dependabot) take a > > lot of time. Since I'm a commiter, a lot of time of the time I spent for > > Maven, I spent on doing dependency updates. > > > > So see this as a -0 (nb). > > > > Matthias > > > > > > Am 21.07.2025 um 06:50 schrieb Giovanni van der Schelde: > >> Hi all, > >> > >> In a recent PR review, the use of AssertJ assertions was raised as a point > >> of discussion. > >> To avoid recurring debates and ensure the PR is reviewed for the changes > >> it provides, I’d like to propose that we clarify the goal regarding this, > >> and perhaps other, dependencies. > >> > >> Specifically, should we: > >> > >> - Remove the AssertJ dependency entirely to prevent its use? > >> - State that we support the dependency and accept its use in our tests? > >> > >> Having a clear stance on this would help streamline code reviews and avoid > >> repeated discussions on future PRs. > >> > >> Perhaps there are already some guidelines on this which I'm unaware of, so > >> I'm looking forward to your input. > >> > >> Regards, > >> > >> Giovanni van der Schelde > >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > The University of Edinburgh is a charitable body, registered in Scotland, > > with registration number SC005336. Is e buidheann carthannais a th’ ann an > > Oilthigh Dhùn Èideann, clàraichte an Alba, àireamh clàraidh SC005336. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
