Hi all, Over the last few days I’ve spent a fair amount of time upgrading the *minor versions* of all project dependencies.
I achieved this by setting up an ad-hoc configuration of Dependabot, running it multiple times on my fork, and then debugging and fixing the issues that came up along the way. The result of this work is captured in four pull requests I opened today: - 2 PRs for ofbiz-framework (one for *trunk* [1], one for *release24.09* [2]) - 2 PRs for ofbiz-plugins (one for *trunk* [3], one for *release24.09* [4]) I would like to get these merged relatively soon. Keeping up with at least minor version upgrades is important (especially for security reasons), and since we are planning a new release shortly, it would be great to include the latest dependency fixes. Reviews and help with testing are very welcome. Once these are merged, my next step will be to prepare a proper Dependabot configuration to keep minor versions automatically up to date (via PRs) on both branches. After that, we can also start discussing whether we want to approach *major* version upgrades in a similar way, at least on trunk. Thanks in advance for your feedback and help. Best regards, Jacopo [1] https://github.com/apache/ofbiz-framework/pull/1039 [2] https://github.com/apache/ofbiz-framework/pull/1040 [3] https://github.com/apache/ofbiz-plugins/pull/174 [4] https://github.com/apache/ofbiz-plugins/pull/175
