On Thu, Oct 15, 2020 at 1:57 PM Bernd Eckenfels <e...@zusammenkunft.net> wrote:
> Before we do that, I need help. I am considering to ignore or unsubscribe > the commit mailing list. Which is IMHO not a good thing (from the point of > security reviews). However I cannot keep up with dependable suggestions > (and don’t have an easy way to filter - and frankly I don’t want to spent > any time on finding one) > > So can we turn the notifications off or at least send them to a different > mailinglist? > Dependabot emails are sent from notificati...@github.com, so we could ask infra to create a list called... gh-no...@commons.apache.org? Gary > Gruss > Bernd > -- > http://bernd.eckenfels.net > ________________________________ > Von: John Patrick <nhoj.patr...@gmail.com> > Gesendet: Wednesday, October 14, 2020 3:17:22 PM > An: Commons Developers List <dev@commons.apache.org> > Betreff: Dependabot pr's > > to shortcut multiple people telling me not to manually raise pr's to > upgrade dependencies, and dependabot is the preferred option for > commons to be raising these upgrades, and i should raise a pr to > enable dependabot. > > so... here are all the pr's to enable dependabot on the repo's which > lack a dependabot.yml file. > > https://github.com/apache/commons-bsf/pull/2 > https://github.com/apache/commons-chain/pull/6 > https://github.com/apache/commons-crypto/pull/108 > https://github.com/apache/commons-daemon/pull/20 > https://github.com/apache/commons-digester/pull/6 > https://github.com/apache/commons-functor/pull/3 > https://github.com/apache/commons-geometry/pull/102 > https://github.com/apache/commons-jci/pull/3 > https://github.com/apache/commons-jcs/pull/16 > https://github.com/apache/commons-jelly/pull/7 > https://github.com/apache/commons-jexl/pull/27 > https://github.com/apache/commons-jxpath/pull/21 > https://github.com/apache/commons-math/pull/160 > https://github.com/apache/commons-numbers/pull/86 > https://github.com/apache/commons-ognl/pull/10 > https://github.com/apache/commons-proxy/pull/5 > https://github.com/apache/commons-rng/pull/79 > https://github.com/apache/commons-scxml/pull/9 > https://github.com/apache/commons-statistics/pull/25 > https://github.com/apache/commons-weaver/pull/5 > > They all have the change md5sum for .github/dependabot.yml which > matches the files in the other repos. I don't believe any other change > is required but i might be wrong. > > John > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >