I think we really want the PRs, the main benefit is to have the software built and tested WITH the dependency update, that is a huge time saver.
Gary On Wed, Sep 16, 2020, 13:17 Ralph Goers <ralph.go...@dslextreme.com> wrote: > I am not sure that is possible since Dependabot is actually creating PRs > and GitHub sends those to the mailing list. What I heard was that they > would like to have Dependabot just send reports from time to time about > what dependencies could be changed rather than create PRs. Matt also > mentioned that if Dependabot is going to create PRs then it should also > create the corresponding Jira issues and change.xml updates if and when > projects require those. > > Ralph > > > On Sep 16, 2020, at 10:05 AM, Gary Gregory <garydgreg...@gmail.com> > wrote: > > > > I think the desire-complaint is how to stop Dependabot from sending > emails > > to our ML. > > > > Gary > > > > On Wed, Sep 16, 2020, 09:33 Matt Sicker <boa...@gmail.com> wrote: > > > >> Did you know that you can configure Dependabot to ignore specific > >> dependencies and version ranges? You can also configure default > >> reviewers (see also the GitHub CODEOWNERS file which can help set up > >> default reviewers [1]). If desired, you can configure it to only make > >> PRs for security updates which would reduce them to the bare minimum. > >> If you read the (admittedly verbose) Dependabot message in the PR, it > >> has links to changelogs and whatnot for the PR it's making. Being that > >> they're PRs, I don't know of any way to hide notifications from it to > >> the dev list other than making your own filters. I think properly > >> configuring the bot would be appropriate; otherwise, it's not a useful > >> feature if it's simply ignored. > >> > >> Now if someone discovers how to automatically create Jira tickets to > >> go with the PRs, that'd be nifty. Or changelog entries. The underlying > >> code appears to be source-available, but not open source (restrictions > >> on use) [2]. > >> > >> [1]: > >> > https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners > >> [2]: https://github.com/dependabot/dependabot-core > >> > >> On Wed, 16 Sep 2020 at 07:51, Gilles Sadowski <gillese...@gmail.com> > >> wrote: > >>> > >>> Le mer. 16 sept. 2020 à 14:42, Jochen Wiedmann > >>> <jochen.wiedm...@gmail.com> a écrit : > >>>> > >>>> On Wed, Sep 16, 2020 at 2:38 PM Gilles Sadowski <gillese...@gmail.com > > > >> wrote: > >>>> > >>>>> Isn't what > >>>>> https://spamassassin.apache.org/ > >>>>> is about? > >>>> > >>>> Not that I am uptodate, but at least historically it hasn't. It's > >>>> mostly about blocking spam. Related, but not necessarily reusable for > >>>> the suggested purpose. > >>> > >>> I don't know the details either; I meant that, in order to block > >>> <unsolicited contents>, the first step is to recognize it as such. > >>> > >>> From the above web site: > >>> ---CUT--- > >>> [...] anti-spam platform giving system administrators a filter to > >>> classify email [...] > >>> [...] scoring framework and plug-ins to integrate a wide range of > >>> advanced heuristic and statistical analysis tests on email headers and > >>> body text including text analysis [...] > >>> ---CUT--- > >>> > >>> Gilles > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>> For additional commands, e-mail: dev-h...@commons.apache.org > >>> > >> > >> > >> -- > >> Matt Sicker <boa...@gmail.com> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >> For additional commands, e-mail: dev-h...@commons.apache.org > >> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
