Hi, right now there are 3 opened pull requests:
#14: Update AbstractUserDatabase.java - this is more a request than a PR, so I'd be +1 on closing it without merging and redirecting the user to JIRA #15: Add dependabot config file (also contains a few javadocs fixes) - It would be a nice to have, but I'd like to request to add some exclusions (f.ex., servlet-api, jsp-api should not be upgraded, tomcat's updates should be ok within 9.x.x range but not for 10.x.x). Also, I've haven't used it so I don't know how dependabot behaves with versions not following semantic versioning. For instance, slf4j should stay on 1.7.30 and not be upgraded to latest 2.0.0-alpha1 #16: Refine class member fields - this is a big PR, as it affects 71 files. OTOH, changes on those files are small enough (mostly adding the final modifier throughout the code). I'd be more comfortable if we merge this after 2.11.0-M8. There are too many files affected by this PR, and I'd like to start the release vote tomorrow, so I think it's better if this kind of change is introduced with more time to see that there are no unintended side-effects.. sounds reasonable? best regards, juan pablo
