Hi, I would prefer a solution that fixes the email issue, but if it bothers others, I guess I could enable dependabot on my fork of commons-imaging, commons-lang, commons-text, or any other repository that I may RM one day.
I use dependabot in other personal and $work projects and it's very helpful for Python & JS. Especially JS, where some updates may prevent security issues - even if you don't have a CVE in one of these dependencies, it's common that transitive dependencies have a CVE and due to how version ranges work in JS it's much more common to be affected indirectly, so I use dependabot and other tools like ncu to scan for updates. For Java I normally see the security warnings in the GitHub security tab/HackerNews/Twitter/etc and fix it before dependabot can send a PR - this was the case in Apache Jena for log4j2, a few days ago. For the Java projects, I find that it helps me knowing when things are broken due to updates. Like new versions of SpotBugs or Checkstyle that break the code. I prefer to fix that as soon as I have spare time, rather than when during a release. With Imaging, in alpha-1 release I think, I had a short 2-3 days period to prepare the release, and during the step of updating dependencies, I found some FindBugs issues reported by the new version I was updating to, and spent the whole 2-3 days fixing it, then had to wait for another time to try to release again. So if there is no solution for the noise that dependabot causes, I will use my fork with dependabot enabled to monitor if any PR fails, and see if it is something important. -Bruno On Wednesday, 29 December 2021, 07:20:35 am NZDT, Phil Steitz <phil.ste...@gmail.com> wrote: I can no longer effectively monitor commits@ due to the spam generated by this tool. I am afraid my eyeballs aren't the only ones going missing here and that is a problem much more severe than any value provided by this tool, IMO. Phil --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org