yes, agree on all of them cheers, Harry
On Mon, 7 Dec 2020 at 15:32, Juan Pablo Santos RodrÃguez < juanpablo.san...@gmail.com> wrote: > Hi, > > right now there are 3 opened pull requests: > > #14: Update AbstractUserDatabase.java - this is more a request than a PR, > so I'd be +1 on closing it without > merging and redirecting the user to JIRA > > #15: Add dependabot config file (also contains a few javadocs fixes) - It > would be a nice to have, but I'd like to > request to add some exclusions (f.ex., servlet-api, jsp-api should not be > upgraded, tomcat's updates should be > ok within 9.x.x range but not for 10.x.x). Also, I've haven't used it so I > don't know how dependabot behaves with > versions not following semantic versioning. For instance, slf4j should stay > on 1.7.30 and not be upgraded to > latest 2.0.0-alpha1 > > #16: Refine class member fields - this is a big PR, as it affects 71 files. > OTOH, changes on those files are small > enough (mostly adding the final modifier throughout the code). I'd be more > comfortable if we merge this after > 2.11.0-M8. There are too many files affected by this PR, and I'd like to > start the release vote tomorrow, so I think > it's better if this kind of change is introduced with more time to see that > there are no unintended side-effects.. > > sounds reasonable? > > > best regards, > juan pablo >