Renovate is a better alternative to dependabot and usually finds items deeper in builds such as IT tests with basically zero config and a nice issue tracker right on github showing full content of repo, anything team declined, etc. If you happen to check out mybatis repos, you can see it in action. Dependabot for security alerts will still work behind scenes otherwise.
Sent from my Verizon, Samsung Galaxy smartphone Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Elliotte Rusty Harold <elh...@ibiblio.org> Sent: Wednesday, May 31, 2023 7:33:47 AM To: Maven Developers List <dev@maven.apache.org> Subject: Re: [VOTE] Release Apache Maven Release Plugin version 3.0.1 FYI, there seem to be some issues with dependabot configs. It's useful when it fires, but it doesn't always, and sometimes it closes update PRs for no valid reason I can discern. And of course there are the more complex updates that can require more than a simple number change in a pom.xml like https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fmaven-surefire%2Fpull%2F652&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AQO3sJzqStxUXB8SyqhxQQRoWoFxoDur46p0TpynxOo%3D&reserved=0<https://github.com/apache/maven-surefire/pull/652> which I still haven't fully debugged On Wed, May 31, 2023 at 11:25 AM Jeremy Landis <jeremylan...@hotmail.com> wrote: > > Common thread I keep seeing. Update all the libraries! ...the common > thread.. No concern on this one but maven does still release vulnerable > plugin usage especially around transient commons collections. We keep > patching so it's also frustrating the speed of plugin releases that are not > accounting for already available pull requests only to see core team make > this argument each release recently... > > I think in general, same I tell my devs. Review the bot pull requests and > incorporate all the ones possible before any release. > > Sent from my Verizon, Samsung Galaxy smartphone > Get Outlook for > Android<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FAAb9ysg&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4E9vKXjn4Lcb7bg3v9lJp%2BZj3nzRDunBQ%2B0H%2FeOY3ZY%3D&reserved=0<https://aka.ms/AAb9ysg>> > ________________________________ > From: Elliotte Rusty Harold <elh...@ibiblio.org> > Sent: Wednesday, May 31, 2023 7:09:22 AM > To: Maven Developers List <dev@maven.apache.org> > Subject: Re: [VOTE] Release Apache Maven Release Plugin version 3.0.1 > > One minor dependency update to maven-scm: > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fmaven-release%2Fpull%2F192&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bYhPHbuMm%2BtJho7sSqf0ce4fB0N%2Bc%2Bn8ngEFSs2PEHY%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fapache%2Fmaven-release%2Fpull%2F192&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=bYhPHbuMm%2BtJho7sSqf0ce4fB0N%2Bc%2Bn8ngEFSs2PEHY%3D&reserved=0><https://github.com/apache/maven-release/pull/192> > > Otherwise, looks good. > > On Tue, May 30, 2023 at 9:35 PM Slawomir Jaranowski > <s.jaranow...@gmail.com> wrote: > > > > Hi, > > > > We solved 8 issues: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FReleaseNote.jspa%3FprojectId%3D12317824%26version%3D12353136&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J8pRnyjaXcpmbcIS4ESCKc5OR%2FBWUSOEIEIPBaFbFFU%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fsecure%2FReleaseNote.jspa%3FprojectId%3D12317824%26version%3D12353136&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J8pRnyjaXcpmbcIS4ESCKc5OR%2FBWUSOEIEIPBaFbFFU%3D&reserved=0><https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317824&version=12353136> > > > > There are still a couple of issues left in JIRA: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fissues%2F%3Fjql%3Dproject%2520%253D%2520MRELEASE%2520AND%2520resolution%2520%253D%2520Unresolved&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J5HB6XDajLAZehSuhQRdqJifRwH7rUO4kR3GUeFXyKU%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fissues%2F%3Fjql%3Dproject%2520%253D%2520MRELEASE%2520AND%2520resolution%2520%253D%2520Unresolved&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=J5HB6XDajLAZehSuhQRdqJifRwH7rUO4kR3GUeFXyKU%3D&reserved=0><https://issues.apache.org/jira/issues/?jql=project%20%3D%20MRELEASE%20AND%20resolution%20%3D%20Unresolved> > > > > > > Staging repo: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2F&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SBtPHBBVN7N6baFn9KpP28Zrzd1nd%2BDHiJ70dwsEDk8%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2F&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=SBtPHBBVN7N6baFn9KpP28Zrzd1nd%2BDHiJ70dwsEDk8%3D&reserved=0><https://repository.apache.org/content/repositories/maven-1950/> > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2Forg%2Fapache%2Fmaven%2Frelease%2Fmaven-release%2F3.0.1%2Fmaven-release-3.0.1-source-release.zip&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A7BQd5KE%2B8945DO9Sg6k%2BbuTvX19g7I3u%2FTTTg%2FLH2o%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Frepository.apache.org%2Fcontent%2Frepositories%2Fmaven-1950%2Forg%2Fapache%2Fmaven%2Frelease%2Fmaven-release%2F3.0.1%2Fmaven-release-3.0.1-source-release.zip&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190092716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A7BQd5KE%2B8945DO9Sg6k%2BbuTvX19g7I3u%2FTTTg%2FLH2o%3D&reserved=0><https://repository.apache.org/content/repositories/maven-1950/org/apache/maven/release/maven-release/3.0.1/maven-release-3.0.1-source-release.zip> > > > > Source release checksum(s): > > maven-release-3.0.1-source-release.zip - SHA-512: > > e59018a70e67f8af38f4d02bc28703f54ec01d032bd9d21972d087bb196ed8997040da0600a687d5604ebed794ab444d67b697ae17f793f0e8908a4ca0a37f69 > > > > > > Staging site: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fcomponents%2Fmaven-release-archives%2Fmaven-release-LATEST&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190248966%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dvibEGaVE%2BpruhSupLsbTCMdgMzbG6Lm%2FYWY8ZW1vR0%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fcomponents%2Fmaven-release-archives%2Fmaven-release-LATEST&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190248966%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dvibEGaVE%2BpruhSupLsbTCMdgMzbG6Lm%2FYWY8ZW1vR0%3D&reserved=0><https://maven.apache.org/components/maven-release-archives/maven-release-LATEST> > > > > Guide to testing staged releases: > > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fguides%2Fdevelopment%2Fguide-testing-releases.html&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190248966%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=l1gtAjGux7XRFx9WUYlms2g6La0Ev0bWb4UWDYEPR00%3D&reserved=0<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmaven.apache.org%2Fguides%2Fdevelopment%2Fguide-testing-releases.html&data=05%7C01%7C%7C3a3db68483ab49c23c2908db61cb1b66%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638211297190405192%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=H55%2BEBUZhT3QS2gtONKIoakHxyAgNP5KjRSN5SY97io%3D&reserved=0><https://maven.apache.org/guides/development/guide-testing-releases.html> > > > > Vote open for at least 72 hours. > > > > [ ] +1 > > [ ] +0 > > [ ] -1 > > > > -- > > Sławomir Jaranowski > > > > -- > Elliotte Rusty Harold > elh...@ibiblio.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > -- Elliotte Rusty Harold elh...@ibiblio.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
