psxjoy opened a new issue, #558:
URL: https://github.com/apache/ozhera/issues/558
### Description
Some third-party JAR dependencies in the current project are outdated and
may pose security risks, performance issues, or compatibility challenges. We
need to systematically identify and update these dependencies while ensuring
project stability during the upgrade process. This issue will serve as a
centralized tracker for all related PRs and welcomes contributions from the
community.
---
### Goals
1. Identify all outdated/inactively maintained dependencies (via `mvn
versions:display-dependency-updates` scans or manual review).
2. Create independent subtasks (child issues) for each dependency requiring
updates, labeled with priority (e.g., **security-critical**,
**functionality-blocking**, **low-risk**).
3. Submit PRs to update versions incrementally, with the following
requirements:
- Each PR addresses **only one** dependency update.
- Include necessary unit/integration test validations.
- Update relevant documentation (e.g., configuration examples, version
notes).
4. Maintain a list of updated dependencies (see comments section below).
---
### How to Contribute?
1. Check the [Pending Dependencies List](#) (link to be maintained).
2. Comment below to claim a dependency (e.g., "Claiming:
`com.example:old-lib` upgrade from `1.2.3` to `2.0.0`").
3. Reference this issue in your PR description (use `Closes #123` or
`Related to #123`).
---
### Submitted PRs (Ongoing Updates)
- []
---
### Notes
⚠️ **Compatibility Checks**:
- Document API incompatibilities (e.g., Guava 20→32+) in child issues.
- Prioritize Long-Term Support (LTS) versions.
💡 **Collaboration Tips**:
- For complex upgrades (e.g., major Spring Framework versions), propose a
discussion first.
- Use `mvn dependency:tree` to analyze transitive dependency conflicts.
---
### Resources
- Communication channels: [Mailing List](mailto:[email protected]) |
[Slack](https://ozhear.slack.com/archives/C12345)
All contributions are welcome—even updating a single dependency makes a
difference! 🚀
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
