Proposing a sprint to Upgrade Libraries for Platform 2.3 Release

I think it would help to break the dependencies into these categories:

  • Low-hanging fruit (e.g., maintenance upgrades)
    • Hopefully we could get as many of these ticketed & done for this Platform release. Any remaining could be slated for the next release.
  • Security vulnerabilities
    • Discovering these will take extra work to review release notes for each dependency. Security updates should be prioritized by the community.
  • The “big” ones (e.g., Hibernate, Spring, MySQL)
    • Simply just starting a conversation for each on where we stand and to begin planning what it would take to upgrade would be helpful. I don’t expect we could get these upgraded for this release, but it would be nice to start planning as a community on a strategy to get them upgraded.
  • Everything else
    • Simply having a list (as you’ve started) and trying to iterate on process(es) to revisit them and start ticketing them and knocking them out would be great. Getting anything beyond the low-hanging fruit into this release would be great, but not expected. But since we’re talking about dependencies, it would be nice to move the needle forward and begin creating tickets or thinking about how we could get these updated more regularly in future releases.