FYI, there seem to be some issues with dependabot configs. It's useful when it fires, but it doesn't always, and sometimes it closes update PRs for no valid reason I can discern.
And of course there are the more complex updates that can require more than a simple number change in a pom.xml like https://github.com/apache/maven-surefire/pull/652 which I still haven't fully debugged On Wed, May 31, 2023 at 11:25 AM Jeremy Landis <jeremylan...@hotmail.com> wrote: > > Common thread I keep seeing. Update all the libraries! ...the common > thread.. No concern on this one but maven does still release vulnerable > plugin usage especially around transient commons collections. We keep > patching so it's also frustrating the speed of plugin releases that are not > accounting for already available pull requests only to see core team make > this argument each release recently... > > I think in general, same I tell my devs. Review the bot pull requests and > incorporate all the ones possible before any release. > > Sent from my Verizon, Samsung Galaxy smartphone > Get Outlook for Android<https://aka.ms/AAb9ysg> > ________________________________ > From: Elliotte Rusty Harold <elh...@ibiblio.org> > Sent: Wednesday, May 31, 2023 7:09:22 AM > To: Maven Developers List <dev@maven.apache.org> > Subject: Re: [VOTE] Release Apache Maven Release Plugin version 3.0.1 > > One minor dependency update to maven-scm: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fmaven-release%2Fpull%2F192&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=N%2B3ESphp2RdNQUw0Lmr1s41MrdDcFVth7rpvJJCVxjM%3D&reserved=0<https://github.com/apache/maven-release/pull/192> > > Otherwise, looks good. > > On Tue, May 30, 2023 at 9:35 PM Slawomir Jaranowski > <s.jaranow...@gmail.com> wrote: > > > > Hi, > > > > We solved 8 issues: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FReleaseNote.jspa%3FprojectId%3D12317824%26version%3D12353136&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=K0PqT3u1i%2BnCyjtXTFaeS5B%2Bf%2FkYtZbCuQGaZLHIANY%3D&reserved=0<https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317824&version=12353136> > > > > There are still a couple of issues left in JIRA: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fissues%2F%3Fjql%3Dproject%2520%253D%2520MRELEASE%2520AND%2520resolution%2520%253D%2520Unresolved&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=oWlIcdjMAesuCqZJji1g38cVL8mo8rTo47TjNZrdzQw%3D&reserved=0<https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRELEASE%20AND%20resolution%20%3D%20Unresolved> > > > > > > Staging repo: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2F&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=lvgqlqCAjzalGHn96QSFkchLbh5MyTU9c8Cyo4B%2BN08%3D&reserved=0<https://repository.apache.org/content/repositories/maven-1950/> > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2Forg%2Fapache%2Fmaven%2Frelease%2Fmaven-release%2F3.0.1%2Fmaven-release-3.0.1-source-release.zip&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=YTkPBYdoTpceNk8Zxy296APUndozmceHfzQ7NwzcThg%3D&reserved=0<https://repository.apache.org/content/repositories/maven-1950/org/apache/maven/release/maven-release/3.0.1/maven-release-3.0.1-source-release.zip> > > > > Source release checksum(s): > > maven-release-3.0.1-source-release.zip - SHA-512: > > e59018a70e67f8af38f4d02bc28703f54ec01d032bd9d21972d087bb196ed8997040da0600a687d5604ebed794ab444d67b697ae17f793f0e8908a4ca0a37f69 > > > > > > Staging site: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fcomponents%2Fmaven-release-archives%2Fmaven-release-LATEST&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cJSBpS5K1UcmitC%2BlKYuqZpDjOGm%2F4LJ5bc8Fi9tb20%3D&reserved=0<https://maven.apache.org/components/maven-release-archives/maven-release-LATEST> > > > > Guide to testing staged releases: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fguides%2Fdevelopment%2Fguide-testing-releases.html&data=05%7C01%7C%7Cd62172d30703417bea4008db61c7aba5%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211282439154797%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UQgW4ZDiIOZp16XxdvpWvoYu4eBXRxbTOLH4ZcYRQnQ%3D&reserved=0<https://maven.apache.org/guides/development/guide-testing-releases.html> > > > > Vote open for at least 72 hours. > > > > [ ] +1 > > [ ] +0 > > [ ] -1 > > > > -- > > Sławomir Jaranowski > > > > -- > Elliotte Rusty Harold > elh...@ibiblio.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > -- Elliotte Rusty Harold elh...@ibiblio.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org