Hi Gaetan,
Actually I did not show the right trunk (HEAD) version which is
https://github.com/apache/ofbiz-framework/blob/trunk/.github/dependabot.yml
But anyway the content is the same since
https://github.com/apache/ofbiz-framework/commit/a93b04bbb2205e4395f134c85e57a44e56b8c861
When I compare your PR with trunk HEAD, I indeed see no change at all in
dependabot.yml
https://github.com/apache/ofbiz-framework/compare/trunk...gtchaboussie:ofbiz-framework:OFBIZ-13306
Are you sure that the branch related to your PR is up to date with trunk HEAD?
Because in
https://github.com/gtchaboussie/ofbiz-framework/commit/dee6a10839b0f93534c85eccdbde1c6bb5461d0f
it could be the removing of package-ecosystem: npm in dependabot.yml
The one done by Jacopo 4 years ago?
BTW, maybe I'm missing something :)
TIA
Jacques
Le 24/03/2026 à 08:49, gaetan.chaboussie a écrit :
Hi @jacques,
I don't remember editing any file other than java, xml and gradle.
I'm not familiar enough with github and dependabot, and it seems the commit you mention (dee6a10) comes from trunk that was merged in the
OFBIZ-13306 branch.
If any action on my part affected it, i'm not sure wich one it was
Gaetan
On 3/24/26 06:39, Jacques Le Roux via dev wrote:
Hi,
While working on the "password issue", I found an interesting warning at
https://github.com/apache/ofbiz-framework/actions/runs/23431619247
*build*
<https://github.com/apache/ofbiz-framework/actions/runs/23431619247/job/68159137855#step:13:3>
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected:
actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11, actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93. Actions will be forced to
run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To
opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js
24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see:
https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
<https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/>
Show less
Do we have issues with Node 24 ?
Also while at it, @Gaetan: is there a reason why npm is removed from
.github/dependabot.yml
in
https://github.com/gtchaboussie/ofbiz-framework/commit/dee6a10839b0f93534c85eccdbde1c6bb5461d0f
?
I mean it's still in trunk
https://github.com/apache/ofbiz-framework/blob/a2a75e348d8472719b26642e2837b7dab2f20eaf/.github/dependabot.yml#L8
TIA
Jacques
Le 23/03/2026 à 17:13, gaetan.chaboussie a écrit :
Hi all,
So there has been a discussion on the merge request [1], thanks to all.
I can try to summerize the main points here:
The current Github CI builds OFBiz with java 17[2]. I'm not familiar enough
with the technology to
- How do we proceed with the Java version migration ?
- One option could be to ensure that OFBiz compiles woth Java 21, but keep
source and target in gradle set to Java 17
- This would induce setting up github CI to java 21 to ensure that the
code produced is 21 compliant.
- An other way would be to also migrate the source and target version in
gradle to java 21.
- This would me more coherent but would make the next migrations /
updates heavier.
- This would also mean that we would have to maintain two CI for a time
(17 and 21) for a time.
Are there any thoughts or opinions on how to handle the migration (of framework
and CI/CD), both in terms of actions and / or planning ?
TIA, Gaetan.
[1] https://github.com/apache/ofbiz-framework/pull/917
[2]
https://github.com/apache/ofbiz-framework/blob/a2a75e348d8472719b26642e2837b7dab2f20eaf/.github/workflows/gradle.yaml#L43
