commons-dev mailing list archives

From Gary Gregory <garydgreg...@gmail.com>
Subject Re: Dependabot pr's
Date Thu, 15 Oct 2020 18:30:52 GMT
On Thu, Oct 15, 2020 at 1:57 PM Bernd Eckenfels <ecki@zusammenkunft.net>
wrote:

> Before we do that, I need help. I am considering ignoring or unsubscribing
> from the commit mailing list. Which is IMHO not a good thing (from the point of
> security reviews). However I cannot keep up with Dependabot suggestions
> (and don’t have an easy way to filter - and frankly I don’t want to spend
> any time on finding one)
>
> So can we turn the notifications off or at least send them to a different
> mailing list?
>

Dependabot emails are sent from notifications@github.com, so we could ask
infra to create a list called... gh-notes@commons.apache.org?

Gary


> Regards
> Bernd
> --
> http://bernd.eckenfels.net
> ________________________________
> From: John Patrick <nhoj.patrick@gmail.com>
> Sent: Wednesday, October 14, 2020 3:17:22 PM
> To: Commons Developers List <dev@commons.apache.org>
> Subject: Dependabot pr's
>
> To shortcut multiple people telling me not to manually raise PRs to
> upgrade dependencies, and Dependabot is the preferred option for
> commons to be raising these upgrades, and I should raise a PR to
> enable Dependabot.
>
> So... here are all the PRs to enable Dependabot on the repos which
> lack a dependabot.yml file.
>
> https://github.com/apache/commons-bsf/pull/2
> https://github.com/apache/commons-chain/pull/6
> https://github.com/apache/commons-crypto/pull/108
> https://github.com/apache/commons-daemon/pull/20
> https://github.com/apache/commons-digester/pull/6
> https://github.com/apache/commons-functor/pull/3
> https://github.com/apache/commons-geometry/pull/102
> https://github.com/apache/commons-jci/pull/3
> https://github.com/apache/commons-jcs/pull/16
> https://github.com/apache/commons-jelly/pull/7
> https://github.com/apache/commons-jexl/pull/27
> https://github.com/apache/commons-jxpath/pull/21
> https://github.com/apache/commons-math/pull/160
> https://github.com/apache/commons-numbers/pull/86
> https://github.com/apache/commons-ognl/pull/10
> https://github.com/apache/commons-proxy/pull/5
> https://github.com/apache/commons-rng/pull/79
> https://github.com/apache/commons-scxml/pull/9
> https://github.com/apache/commons-statistics/pull/25
> https://github.com/apache/commons-weaver/pull/5
>
> They all have the change md5sum for .github/dependabot.yml which
> matches the files in the other repos. I don't believe any other change
> is required but I might be wrong.
>
> John
>
