Update dependencies #1815
Merged
Update dependencies #1815
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dscho
force-pushed
the
update-dependencies
branch
from
81976f4
to
ec06e96
Compare
derrickstolee
approved these changes
Aug 22, 2024
dscho
commented
Aug 22, 2024
There was a problem hiding this comment.
This PR on its own does not actually address all outstanding Component Detection issues: clearlydefined/curated-data#28383 needs to be accepted first, maybe with modifications once/if spdx/license-list-XML#2550 gets addressed. After that, I'll have to re-run the Azure Pipeline that performs the Component Detection.
Comment on lines
16
to
17
| <PackageReference Include="GitForWindows.GVFS.Installer" Version="$(GitPackageVersion)" /> | ||
| <PackageReference Include="GitForWindows.GVFS.Portable" Version="$(GitPackageVersion)" /> | ||
| <PackageReference Include="GitForWindows.GVFS.Installer" Version="2.20220414.4" /> | ||
| <PackageReference Include="GitForWindows.GVFS.Portable" Version="2.20220414.4" /> |
There was a problem hiding this comment.
Oops. I guess that this should be adjusted elsewhere...
The primary reason is that Component Detection (https://github.com/microsoft/component-detection) pointed out that the version we used is missing legal information. As of clearlydefined/curated-data#23677, version 6.2.1 of this package has a documented license. Therefore, this issue should be hereby resolved. Besides, it's always good to stay up to date with dependencies. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
The primary reason is that Component Detection (https://github.com/microsoft/component-detection) pointed out that the version we used is missing legal information. Noticing that https://www.nuget.org/packages/LibGit2Sharp.NativeBinaries/2.0.278/License shows only a link into the repository, but the full license is shown at https://www.nuget.org/packages/LibGit2Sharp.NativeBinaries/2.0.322/License this issue should be hereby resolved. Besides, it's always good to stay up to date with dependencies. Since libgit2 is very careful about backwards-compatibility (and therefore LibGit2Sharp, too), this update should not result in any change of behavior. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Now that we addressed the Component Detection issues, let's just go ahead and proactively update the remaining dependencies, too. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
dscho
force-pushed
the
update-dependencies
branch
from
ec06e96
to
56f001a
Compare
|
@derrickstolee would you mind having another look, just for completeness' sake? |
derrickstolee
approved these changes
Aug 26, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In reaction to Component Detection pointing out two more issues where dependencies are missing legal information, this PR updates the dependencies (all of them, including the two pointed out by Component Detection) to their latest stable versions.
This includes updating the InnoSetup dependency to a newer version, the LibGit2Sharp dependency to a newer version, and all remaining dependencies to their latest stable versions.