Thanks, that was a bit of work from a question about just one dependency, but hopefully this will make maintenance quite a lot easier going forward.
Aaron On Thu, Nov 12, 2020, 12:54 Andy Seaborne <[email protected]> wrote: > OK - I think it is tamed for now! > > A lot of updates, nothing serious showing up. The build became unstable > due to trying to do too much in one go but should now be green - it is > at TravisCI. > > Andy > > == Process > > dependabot is administered by the file > > <root>/.github/dependabot.yml > > Currently, set to run monthly. > > There is no other setting for on/off; if it is there, dependabot runs > > This is not all good; it runs for clones of the repo but they don't any > tidy and suppression of unwanted updates. > > The "schedule" is required otherwise it could be manual and run from GH > UI via "Insights" -> "Dependency Graph" -> "Dependabot". > > == This cycle > > There are a couple for major upgrades highlighted: > > * Lucene 7 -> 8 > * org.osgi.core 5.0.0 -> 6.0.0 > > (nothing done about them) > > Too near to a release for org.osgi.core and Lucene 7->8 is a major > decision and there is no rush that I'm aware of. > > * jena-elephas : Uses hadoop 2, guava 11 - I hope I've told the > dependabot to ignore these. > > It's the Guava bit that I'm unsure about as we have two different > dependencies. > > == Things that broke: > > GeoSPARQL > SIS 0.8 -> 1.0 : test failure > (left at 0.8, JENA-1996) > > jena-sdb : hsql v2 > Left at v1 > > == Notes > > 1/ > Derby 10.15.x.y requires java9, so updated only as far as 10.14.x.y and > then dependabot asked to ignore the minor version. > (used for testing by jena-sdb by jena-geosparql) > > 2/ > The updated shade plugin has some new warnings about overlapping files. > It looks safe, needs checking (and maybe there are shading transformers > to merge the files). > > > == Updates done > > HttpClient to 4.5.13 > commons-lang3 from 3.10 to 3.11 > guava 29-jre to 30-jre (shaded) > spatial4j from 0.6 to 0.7 > airline.version from 2.1.1 to 2.8.0 > jts-core from 1.16.1 to 1.17.1 > shiro from 1.5.1 to 1.7.0 > jackson from 2.10.1 to 2.11.3 > commons-codec 1.14 to 1.15 > commons-io from 2.6 to 2.8.0 > micrometer from 1.5.5 to 1.6.1 > jcommander from 1.72 to 1.78 > > and plugins. > > Andy >
