On Mon, Feb 10, 2025 at 10:21 AM Gilles Sadowski <gillese...@gmail.com> wrote:
> The commit below will generate a line in the release notes that says > "Thanks to Dependabot". > It generates a line that says "Bump org.apache.commons:commons-rng-bom from 1.5 to 1.6 #244 Thanks to Dependabot.". > I don't that it is useful (IMHO, it is even harmful if it is littered > with hardly > informative automated messages that drown functional changes). > Fine if there is an easy and safe way to update a dependency, but > should we thank a robot? > Do you mean we should leave out the whole line or just the "Thanks to Dependabot" part? I tried to follow the convention from other Commons projects where each dependency update gets such a line in the changelog. I don't mind the lines in the change log too much (it seems useful to see what got updated, especially when we group update lines in the log). On the other hand, I do think it's cumbersome that I can't simply merge a dependabot PR, but have to go in and update changes.xml. That doesn't seem easy to automate, though, and I'd say we don't want to add additional steps to the release process either. Kind regards, Arnout > > Le lun. 10 févr. 2025 à 09:45, <enge...@apache.org> a écrit : > > > > This is an automated email from the ASF dual-hosted git repository. > > > > engelen pushed a commit to branch master > > in repository https://gitbox.apache.org/repos/asf/commons-math.git > > > > > > The following commit(s) were added to refs/heads/master by this push: > > new aa1efd86a Update changes.xml > > aa1efd86a is described below > > > > commit aa1efd86a6ab5f229a3b579db16191d8e9672bf5 > > Author: Arnout Engelen <arn...@bzzt.net> > > AuthorDate: Mon Feb 10 09:44:16 2025 +0100 > > > > Update changes.xml > > --- > > src/changes/changes.xml | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/src/changes/changes.xml b/src/changes/changes.xml > > index bcd88487e..887ba868c 100644 > > --- a/src/changes/changes.xml > > +++ b/src/changes/changes.xml > > @@ -96,6 +96,7 @@ Caveat: > > to support the whole codebase (it was one of the main reasons for > > creating more focused components). > > "> > > + <action dev="engelen" type="update" due-to="Dependabot">Bump > org.apache.commons:commons-rng-bom from 1.5 to 1.6 #244</action> > > <action dev="erans" type="update" issue="MATH-1669" due-to="Wolff > Bock von Wuelfingen"> > > Javadoc: Fix broken link. > > </action> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- Arnout Engelen ASF Security Response Apache Pekko PMC member, ASF Member NixOS Committer Independent Open Source consultant
