Solrbot is aggressively opening dependency upgrade PRs. I think the general direction we're heading towards is to upgrade all dependency to the latest available versions.
Should we pause to rethink if that's the best idea? What if latest versions of libraries have vulnerabilities or bugs or instabilities that have yet to be uncovered? By letting other projects use them first, and by being conservative in upgrading, we can ensure better stability and reliability for our releases. As a search engine, we don't need to upgrade each and every library at the earliest opportunity all the time. Any thoughts?