Side note, I used a command-line tool I wrote called 'jamira' to file most of these and have them appear as the person who originally filed the issue and did the work.
A couple examples:
jamira create issue --fix-version=9.0.0-M9 --reporter=ruelland
--assignee=ruelland --type="Dependency upgrade" TOMEE "Jackson 2.13.4"
jamira create issue --fix-version=9.0.0-M9 --reporter=rzo1 --assignee=rzo1
--type="Dependency upgrade" TOMEE "Apache Tomcat 10.0.23"
I'll probably make myself a little convenience wrapper script for that so I can
just type something like "upgrade.sh Apache Tomcat 10.0.23"
Throwing the idea out in case anyone wants to do something similar. I'm not a
fan of clicking :)
Happy weekend!
-David
> On Sep 9, 2022, at 4:02 PM, David Blevins <[email protected]> wrote:
>
> Hey All,
>
> I did some cleanup of the dependency upgrade JIRAs for 9.0.0-M8. Here's what
> they look like:
>
> • [TOMEE-3800] - Apache DBCP 2.9.0
> • [TOMEE-3999] - Apache MyFaces 3.0.2
> • [TOMEE-4006] - slf4j 1.7.36
> • [TOMEE-4009] - WSS4J 2.4.1
> • [TOMEE-4010] - xmlsec 3.0.0
> • [TOMEE-4018] - bcprov-jdk15on 1.70
> • [TOMEE-4026] - Apache Johnzon 1.2.19
> • [TOMEE-4030] - Apache Log4J2 2.18.0
> • [TOMEE-4036] - EclipseLink 3.0.3
> • [TOMEE-4037] - Eclipse Mojarra 3.0.2
> • [TOMEE-4038] - Jackson 2.13.4
> • [TOMEE-4039] - Hibernate 6.1
> • [TOMEE-4040] - Apache Tomcat 10.0.23
>
> The release notes:
>
> -
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12350618
>
> Here's the logic I applied:
>
> - Normalize titles to "Foo 1.2.3" format and stripped out any "Upgrade" or
> "Update" prefixes
>
> - Remove the fixedVersion from obsoleted duplicates. If we have "Foo 1.2.3"
> and "Foo 1.2.4" marked as 9.0.0-M8, technically 1.2.3 is no longer in the
> release and could confuse people.
>
> - Split apart JIRAs that mention several upgrades so there's one JIRA per
> library
>
> - Changed the issue type of JIRAs that describe issues like "CVE-123-4567" or
> "Problem with x on older versions of y" to be Bug, Task, etc and filed an
> explicit and separate "Dependency upgrade"
>
> - Put the full brand name in, e.g. "Apache Tomcat" instead of just "Tomcat"
> (maybe this is noisy, I probably won't be so picky with this next time. I was
> just trying it out)
>
>
> Some open questions:
>
> - We should probably make sure to list our API version changes. Either in
> Dependency Upgrades or as New Features/Improvements (or both)
>
> - IMO users don't care about upgrades for our build and are only concerned
> with things they use. What do we think about limiting use of "Dependency
> Upgrade" issue type to things that are in TomEE and therefore affect users?
>
> Thoughts?
>
>
> -David
>
smime.p7s
Description: S/MIME cryptographic signature
