So its been a while now that we are using dependabot in openmrs-core on the master branch. From my point of view it is working well: continuously creating PRs for updates while respecting the major versions of for example spring, hibernate, lucene we need to stick to. It also adds the dev-5 team as reviewers into the PR which notifies us of an update/PR.
QUESTION: Does it make sense to add the dev-4 github team into the dependabot reviewers? They have the write role on GitHub so should be able to merge these PRs. This would increase the potential reviewers and hopefully take some work of @dkayiwa which I see mostly merging them. If I don’t hear any meaningful objections I will add them.
ACTION/VOLUNTEER: is anyone interested in adapting the dependabot.yml for the other active branches? Actively maintained openmrs versions should also receive automatic version updates while respecting their particular major version requirements.