Gary, Merging every Dependabot bump for test/optional deps just clutters our history, spams CI/IDEs and brings no real value.
Please only merge them in sync with our release cycle or when they address an actual issue. Arturo On Sat, Jul 5, 2025 at 1:11 PM Oleg Kalnichevski <ol...@apache.org> wrote: > > On 2025-07-05 13:02, Gary Gregory wrote: > > Wow, at bit over the top there Oleg IMO. This was a low-hanging fruit > > I saw and took care of it. > > > > Gary > > The cause of the problem appears to have been IntelliJ, not JUnit > upgrade. My request still stands, however. Please, merge dependabot PRs > for test / optional dependencies in sync with the development cycle or > when they actually fix something. Merging each and every bump does not > help. > > Oleg > > > > > On Sat, Jul 5, 2025, 05:31 Oleg Kalnichevski <ol...@apache.org> wrote: > > > > Gary et al > > > > Could we stop merging those dependabot pull requests every time > > they pop > > up? Especially for test and optional dependencies? Please! > > > > Did we really need 3 upgrades of JUnit in the past 30 days? Now the > > commit log is filled with noise from dependabot and "Document > > dependency > > bumps" commits and JUnits no longer works for me in IntelliJ. What > > for? > > How does this help? > > > > Could we please merge those PRs at the beginning of a development > > cycle > > after an official release and then merge only those that actually fix > > something: security problems / regressions / something that actually > > affects us? > > > > Oleg > > > >
