Re: Bump dependabot to weekly?

2024-04-29 Thread Tim Allison 
https://github.com/apache/tika/commit/63b7e91477d1dcdb0a5535dd4a008a3562a0609b

W00t. Thank you, Tilman!

On Mon, Apr 29, 2024 at 10:58 AM Tilman Hausherr 
wrote:

> Yes!
>
> Tilman
>
> On 29.04.2024 16:55, Tim Allison wrote:
> > Oh, interesting. Should we bump this value to, say, 20?
> >
> >
> >
> https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
> > ?
> >
> > Thank you, Tilman!
> >
> > On Mon, Apr 29, 2024 at 10:47 AM Tilman Hausherr
> > wrote:
> >
> >> The positive side is that it's less interruptions.
> >> One negative side is that there seems to be a maximum. Today it didn't
> >> report the AWS update, which was detected in the past.
> >> Tilman
>
>

Re: Bump dependabot to weekly?

2024-04-29 Thread Tilman Hausherr 

Yes!

Tilman

On 29.04.2024 16:55, Tim Allison wrote:

Oh, interesting. Should we bump this value to, say, 20?


https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
?

Thank you, Tilman!

On Mon, Apr 29, 2024 at 10:47 AM Tilman Hausherr
wrote:


The positive side is that it's less interruptions.
One negative side is that there seems to be a maximum. Today it didn't
report the AWS update, which was detected in the past.
Tilman

Re: Bump dependabot to weekly?

2024-04-29 Thread Tim Allison 
Oh, interesting. Should we bump this value to, say, 20?


https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
?

Thank you, Tilman!

On Mon, Apr 29, 2024 at 10:47 AM Tilman Hausherr 
wrote:

> The positive side is that it's less interruptions.
> One negative side is that there seems to be a maximum. Today it didn't
> report the AWS update, which was detected in the past.
> Tilman
>
> On 29.04.2024 16:34, Tim Allison wrote:
> > The move to weekly dependabot has been a bit of a relief for me
> personally.
> > Our mail list isn't clogged w daily dependabot updates (and yes, I know I
> > can apply a filter :/).
> >
> > How is it working for everyone else?
> >
> > On Wed, Apr 10, 2024 at 4:09 PM Tim Allison  wrote:
> >
> >>> you start deleting them reflexively out of your email!
> >> Not Tilman!!!
> >>
> >> Let's move to weekly and see how that works?
> >>
> >> On Wed, Apr 10, 2024 at 3:57 PM Eric Pugh
> >>  wrote:
> >>> Hence why I like the monthly unless it’s a special case….  The flood of
> >> updates just means you start deleting them reflexively out of your
> email!
> >>   Now, if you have a dependency and you’re maybe actively working on
> it, and
> >> it’s changing quickly, then that might be an argument for daily.
>  On Apr 10, 2024, at 12:53 PM, Tilman Hausherr 
> >> wrote:
>  I'm fine with daily because this way we can learn ASAP if there are
> >> troubles with new dependency versions, although I'm now too busy.
>  Tilman
> 
> 
> 
>  -- Original-Nachricht --
>  Von: Tim Allison 
>  Betreff: Bump dependabot to weekly?
>  Datum: 10.04.2024, 18:08 Uhr
>  An:  
> 
>  All,
>    Tilman has been doing heroic work keeping us up to date with
>  dependabot's PRs. Given our pace of releases, would it make sense to
>  backoff to weekly updates?
>    Before running regression tests, we'd run the update plugin to make
>  sure that we're up to date.
>    What do you think?
> 
>  Best,
> 
>   Tim
> 
> >>> ___
> >>> Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 |
> >> http://www.opensourceconnections.com <
> >> http://www.opensourceconnections.com/> | My Free/Busy <
> >> http://tinyurl.com/eric-cal>
> >>> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <
> >>
> https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw
> >>> This e-mail and all contents, including attachments, is considered to
> be
> >> Company Confidential unless explicitly stated otherwise, regardless of
> >> whether attachments are marked as such.
>
>
>

Re: Bump dependabot to weekly?

2024-04-29 Thread Eric Pugh 
I like the less noise!  And if you don’t get today’s AWS update, well, it will 
show up in a few days based on their relentless release cycle!


> On Apr 29, 2024, at 10:47 AM, Tilman Hausherr  wrote:
> 
> The positive side is that it's less interruptions.
> One negative side is that there seems to be a maximum. Today it didn't report 
> the AWS update, which was detected in the past.
> Tilman
> 
> On 29.04.2024 16:34, Tim Allison wrote:
>> The move to weekly dependabot has been a bit of a relief for me personally.
>> Our mail list isn't clogged w daily dependabot updates (and yes, I know I
>> can apply a filter :/).
>> 
>> How is it working for everyone else?
>> 
>> On Wed, Apr 10, 2024 at 4:09 PM Tim Allison > > wrote:
>> 
 you start deleting them reflexively out of your email!
>>> Not Tilman!!!
>>> 
>>> Let's move to weekly and see how that works?
>>> 
>>> On Wed, Apr 10, 2024 at 3:57 PM Eric Pugh
>>> mailto:ep...@opensourceconnections.com>> 
>>> wrote:
 Hence why I like the monthly unless it’s a special case….  The flood of
>>> updates just means you start deleting them reflexively out of your email!
>>>  Now, if you have a dependency and you’re maybe actively working on it, and
>>> it’s changing quickly, then that might be an argument for daily.
> On Apr 10, 2024, at 12:53 PM, Tilman Hausherr 
>>> wrote:
> I'm fine with daily because this way we can learn ASAP if there are
>>> troubles with new dependency versions, although I'm now too busy.
> Tilman
> 
> 
> 
> -- Original-Nachricht --
> Von: Tim Allison 
> Betreff: Bump dependabot to weekly?
> Datum: 10.04.2024, 18:08 Uhr
> An:  
> 
> All,
>  Tilman has been doing heroic work keeping us up to date with
> dependabot's PRs. Given our pace of releases, would it make sense to
> backoff to weekly updates?
>  Before running regression tests, we'd run the update plugin to make
> sure that we're up to date.
>  What do you think?
> 
>Best,
> 
> Tim
> 
 ___
 Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 |
>>> http://www.opensourceconnections.com 
>>>  <
>>> http://www.opensourceconnections.com/> | My Free/Busy <
>>> http://tinyurl.com/eric-cal>
 Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <
>>> https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw
 This e-mail and all contents, including attachments, is considered to be
>>> Company Confidential unless explicitly stated otherwise, regardless of
>>> whether attachments are marked as such.

___
Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 | 
http://www.opensourceconnections.com  | 
My Free/Busy   
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed 


This e-mail and all contents, including attachments, is considered to be 
Company Confidential unless explicitly stated otherwise, regardless of whether 
attachments are marked as such.

Re: Bump dependabot to weekly?

2024-04-29 Thread Tilman Hausherr 

The positive side is that it's less interruptions.
One negative side is that there seems to be a maximum. Today it didn't 
report the AWS update, which was detected in the past.

Tilman

On 29.04.2024 16:34, Tim Allison wrote:

The move to weekly dependabot has been a bit of a relief for me personally.
Our mail list isn't clogged w daily dependabot updates (and yes, I know I
can apply a filter :/).

How is it working for everyone else?

On Wed, Apr 10, 2024 at 4:09 PM Tim Allison  wrote:


you start deleting them reflexively out of your email!

Not Tilman!!!

Let's move to weekly and see how that works?

On Wed, Apr 10, 2024 at 3:57 PM Eric Pugh
 wrote:

Hence why I like the monthly unless it’s a special case….  The flood of

updates just means you start deleting them reflexively out of your email!
  Now, if you have a dependency and you’re maybe actively working on it, and
it’s changing quickly, then that might be an argument for daily.

On Apr 10, 2024, at 12:53 PM, Tilman Hausherr 

wrote:

I'm fine with daily because this way we can learn ASAP if there are

troubles with new dependency versions, although I'm now too busy.

Tilman



-- Original-Nachricht --
Von: Tim Allison 
Betreff: Bump dependabot to weekly?
Datum: 10.04.2024, 18:08 Uhr
An:  

All,
  Tilman has been doing heroic work keeping us up to date with
dependabot's PRs. Given our pace of releases, would it make sense to
backoff to weekly updates?
  Before running regression tests, we'd run the update plugin to make
sure that we're up to date.
  What do you think?

Best,

 Tim


___
Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 |

http://www.opensourceconnections.com <
http://www.opensourceconnections.com/> | My Free/Busy <
http://tinyurl.com/eric-cal>

Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <

https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw

This e-mail and all contents, including attachments, is considered to be

Company Confidential unless explicitly stated otherwise, regardless of
whether attachments are marked as such.

Re: Bump dependabot to weekly?

2024-04-29 Thread Tim Allison 
The move to weekly dependabot has been a bit of a relief for me personally.
Our mail list isn't clogged w daily dependabot updates (and yes, I know I
can apply a filter :/).

How is it working for everyone else?

On Wed, Apr 10, 2024 at 4:09 PM Tim Allison  wrote:

> >you start deleting them reflexively out of your email!
> Not Tilman!!!
>
> Let's move to weekly and see how that works?
>
> On Wed, Apr 10, 2024 at 3:57 PM Eric Pugh
>  wrote:
> >
> > Hence why I like the monthly unless it’s a special case….  The flood of
> updates just means you start deleting them reflexively out of your email!
>  Now, if you have a dependency and you’re maybe actively working on it, and
> it’s changing quickly, then that might be an argument for daily.
> >
> > > On Apr 10, 2024, at 12:53 PM, Tilman Hausherr 
> wrote:
> > >
> > > I'm fine with daily because this way we can learn ASAP if there are
> troubles with new dependency versions, although I'm now too busy.
> > >
> > > Tilman
> > >
> > >
> > >
> > > -- Original-Nachricht --
> > > Von: Tim Allison 
> > > Betreff: Bump dependabot to weekly?
> > > Datum: 10.04.2024, 18:08 Uhr
> > > An:  
> > >
> > > All,
> > >  Tilman has been doing heroic work keeping us up to date with
> > > dependabot's PRs. Given our pace of releases, would it make sense to
> > > backoff to weekly updates?
> > >  Before running regression tests, we'd run the update plugin to make
> > > sure that we're up to date.
> > >  What do you think?
> > >
> > >Best,
> > >
> > > Tim
> > >
> >
> > ___
> > Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 |
> http://www.opensourceconnections.com <
> http://www.opensourceconnections.com/> | My Free/Busy <
> http://tinyurl.com/eric-cal>
> > Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <
> https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw
> >
> > This e-mail and all contents, including attachments, is considered to be
> Company Confidential unless explicitly stated otherwise, regardless of
> whether attachments are marked as such.
> >
>

Re: Bump dependabot to weekly?

2024-04-10 Thread Tim Allison 
>you start deleting them reflexively out of your email!
Not Tilman!!!

Let's move to weekly and see how that works?

On Wed, Apr 10, 2024 at 3:57 PM Eric Pugh
 wrote:
>
> Hence why I like the monthly unless it’s a special case….  The flood of 
> updates just means you start deleting them reflexively out of your email!   
> Now, if you have a dependency and you’re maybe actively working on it, and 
> it’s changing quickly, then that might be an argument for daily.
>
> > On Apr 10, 2024, at 12:53 PM, Tilman Hausherr  wrote:
> >
> > I'm fine with daily because this way we can learn ASAP if there are 
> > troubles with new dependency versions, although I'm now too busy.
> >
> > Tilman
> >
> >
> >
> > -- Original-Nachricht --
> > Von: Tim Allison 
> > Betreff: Bump dependabot to weekly?
> > Datum: 10.04.2024, 18:08 Uhr
> > An:  
> >
> > All,
> >  Tilman has been doing heroic work keeping us up to date with
> > dependabot's PRs. Given our pace of releases, would it make sense to
> > backoff to weekly updates?
> >  Before running regression tests, we'd run the update plugin to make
> > sure that we're up to date.
> >  What do you think?
> >
> >Best,
> >
> > Tim
> >
>
> ___
> Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 | 
> http://www.opensourceconnections.com  
> | My Free/Busy 
> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed 
> 
> This e-mail and all contents, including attachments, is considered to be 
> Company Confidential unless explicitly stated otherwise, regardless of 
> whether attachments are marked as such.
>

Re: Bump dependabot to weekly?

2024-04-10 Thread Eric Pugh 
Hence why I like the monthly unless it’s a special case….  The flood of updates 
just means you start deleting them reflexively out of your email!   Now, if you 
have a dependency and you’re maybe actively working on it, and it’s changing 
quickly, then that might be an argument for daily.

> On Apr 10, 2024, at 12:53 PM, Tilman Hausherr  wrote:
> 
> I'm fine with daily because this way we can learn ASAP if there are troubles 
> with new dependency versions, although I'm now too busy.
> 
> Tilman 
> 
> 
> 
> -- Original-Nachricht --
> Von: Tim Allison 
> Betreff: Bump dependabot to weekly?
> Datum: 10.04.2024, 18:08 Uhr
> An:  
> 
> All,
>  Tilman has been doing heroic work keeping us up to date with
> dependabot's PRs. Given our pace of releases, would it make sense to
> backoff to weekly updates?
>  Before running regression tests, we'd run the update plugin to make
> sure that we're up to date.
>  What do you think?
> 
>Best,
> 
> Tim
> 

___
Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 | 
http://www.opensourceconnections.com  | 
My Free/Busy   
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed 


This e-mail and all contents, including attachments, is considered to be 
Company Confidential unless explicitly stated otherwise, regardless of whether 
attachments are marked as such.

Re: Bump dependabot to weekly?

2024-04-10 Thread Nicholas DiPiazza 
Less frequent is good

On Wed, Apr 10, 2024, 11:29 AM Eric Pugh 
wrote:

> Or even monthly?   Some projects release so frequently that you get many
> upgrades between release cycles, so it feels more treadmill-ish….
>
> On the Quepid project I changed it to run on the first day of the month,
> and that’s been plenty ;-).
>
>
>
>
> > On Apr 10, 2024, at 12:08 PM, Tim Allison  wrote:
> >
> > All,
> >  Tilman has been doing heroic work keeping us up to date with
> > dependabot's PRs. Given our pace of releases, would it make sense to
> > backoff to weekly updates?
> >  Before running regression tests, we'd run the update plugin to make
> > sure that we're up to date.
> >  What do you think?
> >
> >Best,
> >
> > Tim
>
> ___
> Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 |
> http://www.opensourceconnections.com <
> http://www.opensourceconnections.com/> | My Free/Busy <
> http://tinyurl.com/eric-cal>
> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <
> https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
>
> This e-mail and all contents, including attachments, is considered to be
> Company Confidential unless explicitly stated otherwise, regardless of
> whether attachments are marked as such.
>
>

Re: Bump dependabot to weekly?

2024-04-10 Thread Eric Pugh 
Or even monthly?   Some projects release so frequently that you get many 
upgrades between release cycles, so it feels more treadmill-ish….   

On the Quepid project I changed it to run on the first day of the month, and 
that’s been plenty ;-).




> On Apr 10, 2024, at 12:08 PM, Tim Allison  wrote:
> 
> All,
>  Tilman has been doing heroic work keeping us up to date with
> dependabot's PRs. Given our pace of releases, would it make sense to
> backoff to weekly updates?
>  Before running regression tests, we'd run the update plugin to make
> sure that we're up to date.
>  What do you think?
> 
>Best,
> 
> Tim

___
Eric Pugh | Founder | OpenSource Connections, LLC | 434.466.1467 | 
http://www.opensourceconnections.com  | 
My Free/Busy   
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed 


This e-mail and all contents, including attachments, is considered to be 
Company Confidential unless explicitly stated otherwise, regardless of whether 
attachments are marked as such.