I am not sure that is possible since Dependabot is actually creating PRs and GitHub sends those to the mailing list. What I heard was that they would like to have Dependabot just send reports from time to time about what dependencies could be changed rather than create PRs. Matt also mentioned that if Dependabot is going to create PRs then it should also create the corresponding Jira issues and change.xml updates if and when projects require those.
Ralph > On Sep 16, 2020, at 10:05 AM, Gary Gregory <garydgreg...@gmail.com> wrote: > > I think the desire-complaint is how to stop Dependabot from sending emails > to our ML. > > Gary > > On Wed, Sep 16, 2020, 09:33 Matt Sicker <boa...@gmail.com> wrote: > >> Did you know that you can configure Dependabot to ignore specific >> dependencies and version ranges? You can also configure default >> reviewers (see also the GitHub CODEOWNERS file which can help set up >> default reviewers [1]). If desired, you can configure it to only make >> PRs for security updates which would reduce them to the bare minimum. >> If you read the (admittedly verbose) Dependabot message in the PR, it >> has links to changelogs and whatnot for the PR it's making. Being that >> they're PRs, I don't know of any way to hide notifications from it to >> the dev list other than making your own filters. I think properly >> configuring the bot would be appropriate; otherwise, it's not a useful >> feature if it's simply ignored. >> >> Now if someone discovers how to automatically create Jira tickets to >> go with the PRs, that'd be nifty. Or changelog entries. The underlying >> code appears to be source-available, but not open source (restrictions >> on use) [2]. >> >> [1]: >> https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners >> [2]: https://github.com/dependabot/dependabot-core >> >> On Wed, 16 Sep 2020 at 07:51, Gilles Sadowski <gillese...@gmail.com> >> wrote: >>> >>> Le mer. 16 sept. 2020 à 14:42, Jochen Wiedmann >>> <jochen.wiedm...@gmail.com> a écrit : >>>> >>>> On Wed, Sep 16, 2020 at 2:38 PM Gilles Sadowski <gillese...@gmail.com> >> wrote: >>>> >>>>> Isn't what >>>>> https://spamassassin.apache.org/ >>>>> is about? >>>> >>>> Not that I am uptodate, but at least historically it hasn't. It's >>>> mostly about blocking spam. Related, but not necessarily reusable for >>>> the suggested purpose. >>> >>> I don't know the details either; I meant that, in order to block >>> <unsolicited contents>, the first step is to recognize it as such. >>> >>> From the above web site: >>> ---CUT--- >>> [...] anti-spam platform giving system administrators a filter to >>> classify email [...] >>> [...] scoring framework and plug-ins to integrate a wide range of >>> advanced heuristic and statistical analysis tests on email headers and >>> body text including text analysis [...] >>> ---CUT--- >>> >>> Gilles >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >>> For additional commands, e-mail: dev-h...@commons.apache.org >>> >> >> >> -- >> Matt Sicker <boa...@gmail.com> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
