Thanks, that was a bit of work from a question about just one dependency,
but hopefully this will make maintenance quite a lot easier going forward.

Aaron

On Thu, Nov 12, 2020, 12:54 Andy Seaborne <[email protected]> wrote:

> OK - I think it is tamed for now!
>
> A lot of updates, nothing serious showing up. The build became unstable
> due to trying to do too much in one go but should now be green - it is
> at TravisCI.
>
>      Andy
>
> == Process
>
> dependabot is administered by the file
>
> <root>/.github/dependabot.yml
>
> Currently, set to run monthly.
>
> There is no other setting for on/off; if it is there, dependabot runs.
>
> This is not all good; it runs for clones of the repo but they don't have any
> tidy and suppression of unwanted updates.
>
> The "schedule" is required otherwise it could be manual and run from GH
> UI via "Insights" -> "Dependency Graph" -> "Dependabot".
>
> == This cycle
>
> There are a couple of major upgrades highlighted:
>
> * Lucene 7 -> 8
> * org.osgi.core 5.0.0 -> 6.0.0
>
> (nothing done about them)
>
> Too near to a release for org.osgi.core and Lucene 7->8 is a major
> decision and there is no rush that I'm aware of.
>
> * jena-elephas : Uses hadoop 2, guava 11 - I hope I've told the
> dependabot to ignore these.
>
> It's the Guava bit that I'm unsure about as we have two different
> dependencies.
>
> == Things that broke:
>
> GeoSPARQL
> SIS 0.8 -> 1.0 : test failure
> (left at 0.8, JENA-1996)
>
> jena-sdb : hsql v2
>    Left at v1
>
> == Notes
>
> 1/
> Derby 10.15.x.y requires java9, so updated only as far as 10.14.x.y and
> then dependabot asked to ignore the minor version.
> (used for testing by jena-sdb and by jena-geosparql)
>
> 2/
> The updated shade plugin has some new warnings about overlapping files.
> It looks safe, needs checking (and maybe there are shading transformers
> to merge the files).
>
>
> == Updates done
>
> HttpClient to 4.5.13
> commons-lang3 from 3.10 to 3.11
> guava 29-jre to 30-jre (shaded)
> spatial4j from 0.6 to 0.7
> airline.version from 2.1.1 to 2.8.0
> jts-core from 1.16.1 to 1.17.1
> shiro from 1.5.1 to 1.7.0
> jackson from 2.10.1 to 2.11.3
> commons-codec 1.14 to 1.15
> commons-io from 2.6 to 2.8.0
> micrometer from 1.5.5 to 1.6.1
> jcommander from 1.72 to 1.78
>
> and plugins.
>
>      Andy
>
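
A sketch of the kind of `.github/dependabot.yml` the quoted message describes (monthly schedule plus ignore rules), added here as an illustration and not taken from the Jena repository. The Maven coordinates and version bounds are assumptions chosen to match the constraints named in the thread.

```yaml
# .github/dependabot.yml (illustrative; not the project's actual file)
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"              # location of the root pom.xml
    schedule:
      interval: "monthly"       # "schedule" is a required key
    ignore:
      # Derby 10.15.x.y requires Java 9, so stay on the 10.14 line.
      # Maven ecosystems use Maven range syntax for "versions".
      - dependency-name: "org.apache.derby:*"      # assumed coordinates
        versions: ["[10.15,)"]
      # jena-elephas is on Hadoop 2; do not propose Hadoop 3 or later.
      - dependency-name: "org.apache.hadoop:*"     # assumed coordinates
        versions: ["[3,)"]                         # assumed bound
      # jena-elephas is on Guava 11. An ignore rule matches by dependency
      # name within this "updates" entry, so it also suppresses proposals
      # for any other use of the same artifact covered by this entry.
      - dependency-name: "com.google.guava:guava"  # assumed coordinates
        versions: ["[12,)"]                        # assumed bound
```

Every ignore rule is a standing decision to stay on an older version, so each one is worth a comment stating the reason and a periodic review against published advisories for the pinned line.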
