Hello everyone, I have been able to (re-)enable automated version upgrade bump PRs <https://github.com/apache/fineract/pulls?q=is%3Apr+label%3Adependencies+> for our dependencies!
.github/dependabot.yml <https://github.com/apache/fineract/blob/develop/.github/dependabot.yml> is where this is configured, using (now GitHub's) Dependabot. It covers not just Gradle deps for Java JAR libraries, but also GitHub action versions <https://github.com/apache/fineract/pulls?q=is%3Apr+is%3Aopen+label%3Agithub_actions> . We used to have another tool <https://github.com/apache/fineract/pulls?q=label%3Arenovate+> which did something similar like this (the Renovate Bot), but it stopped working last November; I'm looking into if we could have both or will remove Renovate <https://github.com/apache/fineract/pull/2075>. Because it's been a while, there are now many dependencies to upgrade. Doing this now after the 1.6.0 release is great timing, as there will be time to iron out any possible hiccups until the next release. FYI there is a "rate limiting" and more such PRs will be opened in the coming days & weeks, as the initial batch is being reviewed and merged. https://issues.apache.org/jira/browse/FINERACT-1453 has the full background. Best, M. _______________________ Michael Vorburger http://www.vorburger.ch
