Getting rid of this is good for dormant components ONLY IMO. It is definitely not a release time task for me. As an RM, I certainly don't want to spend time doing this at release time. I want to update dependencies as they become available to let them become part of the code base where I can check and validate stability over time as I keep developing and maintaining. I want to know as soon as possible if something goes wrong, not at release time when *all i want to do* is release.
Gary On Tue, Oct 3, 2023, 10:47 AM Emmanuel Bourg <ebo...@apache.org> wrote: > Le 01/10/2023 à 14:09, sebb a écrit : > > As the subject says: how does one stop dependabot and other analyses > > from running on dormant components? > > +1 > > And even on all components, updating the dependencies is a release time > task. Updating 3 times the same Maven plugins between releases is a > waste of time. > > Emmanuel Bourg > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >