risdenk commented on pull request #707: URL: https://github.com/apache/solr/pull/707#issuecomment-1051077526
So to be honest - I'm not a super fan of tools like these. I understand how it looks helpful, but the tools don't account for major versions or other things that shouldn't be upgraded independently. Some bad examples from the report: * any of the google cloud dependencies - should be updated through google cloud bom (recently added) - https://github.com/apache/solr/blob/main/versions.props#L10 * com.squareup.okhttp3:okhttp [4.9.3 -> 5.0.0-alpha.5] - alpha and not even official yet There are definitely some good examples in there as well. I kinda wish it were filtered by what we had in `versions.prop` since those are currently the dependencies that we define and manage ourselves. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
