4.4.0 release depends on SNAPSHOT dependencies

[mpollmeier]

Thank you for maintaining this project! We use it happily in https://github.com/joernio/joern, an open-source code analysis platform.

When we tried to upgrade to 4.4.0 we found out that the release has some direct SNAPSHOT dependencies, namely de.upb.cs.swt:axml:2.1.0-SNAPSHOT, de.upb.cs.swt:heros:1.2.3-SNAPSHOT and ca.mcgill.sable:jasmin:3.0.3-SNAPSHOT See also https://repo.maven.apache.org/maven2/org/soot-oss/soot/4.4.0/soot-4.4.0.pom

Snapshots can be updated and deleted any time, so unfortunately that means that 4.4.0 is unusable for us, and likely also for others. We'll just stay on 4.3.0 for now, but just wanted to share this, hopefully you can fix the release process for next time.

I'm not sure how your release process currently works, but the Maven release plugin normally ensures that there's not SNAPSHOT dependencies.

[mpollmeier]

Oh, and greetings from Detmold! I just noticed you're based in Paderborn, which is on the other side of the hills :)

[StevenArzt]

Many of these dependencies have been released as well in the meantime. I have updated the dependencies accordingly. We just need to decide whether we can overwrite the 4.4.0 release, or whether we should just release 4.4.1 with the fix.

@kadirayk What's your opinion on this?

[kadirayk]

It's not allowed to delete or overwrite a released version. So we need to release version 4.4.1.

[mpollmeier]

It's not allowed to delete or overwrite a released version

unless it's a SNAPSHOT 😉

Thank you!

[StevenArzt]

@kadirayk Can you take care of releasing 4.4.1? I'll then make sure to also release FlowDroid 2.11.1 downstream to reference Soot 4.4.1.

[kadirayk]

4.4.1 is released now :)

[mpollmeier]

Thank you, we upgraded and it's all green: https://github.com/joernio/joern/pull/2204