I've asked this before, and Gary had mentioned that he liked showing that we had tested Log4j with each of those dependency updates. That way, users aren't forced to upgrade all their dependencies when unnecessary.
On Wed, 26 Aug 2020 at 09:06, Volkan Yazıcı <volkan.yaz...@gmail.com> wrote: > > Hey Gary, > > Thanks for sparing time to check the changes. I was sort of sitting on the > fence for what to do about them. I have also merged a couple of other > dependabot PRs. Jackson, Apache Felix, JCTools, etc. libraries are upgraded > as well. Though looking at changes.xml, for instance, I see two "Update > Jackson from <old> to <new>." entries within the same <release > version="3.0.0" ...> block. I thought documenting dependency upgrades just > before cutting a new release. So shall we document dependency upgrades > > 1. right on the spot, allowing only a single entry? > 2. right on the spot, allowing multiple entries? (e.g., Jackson example > above.) > 3. prior to a release? > > Do we have a policy/convention for this? Unless there is, I'd vote for the > 3rd option. > > Kind regards? > > On Wed, Aug 26, 2020 at 3:42 PM Gary Gregory <garydgreg...@gmail.com> wrote: > > > Hi Volkan, > > > > May you please document this version change in changes.xml? > > > > Gary > > > > On Wed, Aug 26, 2020 at 4:59 AM Volkan Yazıcı <notificati...@github.com> > > wrote: > > > > > Merged #393 <https://github.com/apache/logging-log4j2/pull/393> into > > > master. > > > > > > — > > > You are receiving this because you are subscribed to this thread. > > > Reply to this email directly, view it on GitHub > > > <https://github.com/apache/logging-log4j2/pull/393#event-3693751051>, or > > > unsubscribe > > > < > > https://github.com/notifications/unsubscribe-auth/AAJB6NYYXZF72X4P3YYTTN3SCTFG7ANCNFSM4PMX6K2Q > > > > > > . > > > > > -- Matt Sicker <boa...@gmail.com>
