Can we talk about annotations which are broken when you upgrade spring boot ? You are asked to upgrade some old application to the newest version of spring boot, application that you discover on the spot, the application does not work anymore after the upgrade, and you have to go through 10 intermediate upgrade guides to discover what could possibly be wrong ?
Gradle, with it’s transitive dependency modifications is a huge pain in this area.
It used to be that if a library ended up having a flaw then it would be flagged and we would get the dependency updated. These days security block the “security risk” and you have to replace your dependencies dependency. Fingers crossed you can get it to actually test all the code paths.
If an second level project gets a flaw, and it’s used indirectly then we should really look at getting the import updated so that we know it works. If that import is abandoned then we should not be updating that second level dependency, either adopt and fix the first level dependency or look at an alternative.
An application I’ve never heard or seen before that needs to be upgraded, and it breaks, so you now need to understand what the hell this application does so you can fix it properly.
Can we talk about annotations which are broken when you upgrade spring boot ? You are asked to upgrade some old application to the newest version of spring boot, application that you discover on the spot, the application does not work anymore after the upgrade, and you have to go through 10 intermediate upgrade guides to discover what could possibly be wrong ?
Gradle, with it’s transitive dependency modifications is a huge pain in this area.
It used to be that if a library ended up having a flaw then it would be flagged and we would get the dependency updated. These days security block the “security risk” and you have to replace your dependencies dependency. Fingers crossed you can get it to actually test all the code paths.
If an second level project gets a flaw, and it’s used indirectly then we should really look at getting the import updated so that we know it works. If that import is abandoned then we should not be updating that second level dependency, either adopt and fix the first level dependency or look at an alternative.
Holy shit mood, described to the tee.
An application I’ve never heard or seen before that needs to be upgraded, and it breaks, so you now need to understand what the hell this application does so you can fix it properly.