Re: Dependabot PRs' flooding
Feel free to try the setting -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Mon, Apr 25, 2022 at 10:45 AM Jean-Louis Monteiro < jlmonte...@tomitribe.com> wrote: > I remember reading some infra thread where projects were complaining a lot > about dependabot and the noise it produces. The last thing I remember is > that Apache decided to activate it on all repos of the org and without any > ways to disable it. > > Some projects requested to move emails to a /dev/null more or less and > some of them have a bot to automatically close and delete PRs+branches. > > Not too sure about the current status though. > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com > > > On Mon, Apr 25, 2022 at 8:22 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > >> Hi, >> >> a few weeks ago, I noticed, that a lot of mails are generated by >> @dependabot on the TomEE repositories. >> >> It contains a lot of false positives (i.e. in the examples) and often >> requires additional efforts (i.e. code changes, xml adjustments) to >> upgrade. >> >> We are updating the dependencies before releases anyway (if they are >> important), so I am wondering, if we should disable @dependabot for the >> TomEE repositories? >> >> According to INFRA, it is possible to disable via >> >> https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates >> >> Any thoughts? ;) >> >> Richard >> >
Re: Dependabot PRs' flooding
I remember reading some infra thread where projects were complaining a lot about dependabot and the noise it produces. The last thing I remember is that Apache decided to activate it on all repos of the org and without any ways to disable it. Some projects requested to move emails to a /dev/null more or less and some of them have a bot to automatically close and delete PRs+branches. Not too sure about the current status though. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Mon, Apr 25, 2022 at 8:22 AM Zowalla, Richard < richard.zowa...@hs-heilbronn.de> wrote: > Hi, > > a few weeks ago, I noticed, that a lot of mails are generated by > @dependabot on the TomEE repositories. > > It contains a lot of false positives (i.e. in the examples) and often > requires additional efforts (i.e. code changes, xml adjustments) to > upgrade. > > We are updating the dependencies before releases anyway (if they are > important), so I am wondering, if we should disable @dependabot for the > TomEE repositories? > > According to INFRA, it is possible to disable via > > https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates > > Any thoughts? ;) > > Richard >
Dependabot PRs' flooding
Hi, a few weeks ago, I noticed, that a lot of mails are generated by @dependabot on the TomEE repositories. It contains a lot of false positives (i.e. in the examples) and often requires additional efforts (i.e. code changes, xml adjustments) to upgrade. We are updating the dependencies before releases anyway (if they are important), so I am wondering, if we should disable @dependabot for the TomEE repositories? According to INFRA, it is possible to disable via https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates Any thoughts? ;) Richard smime.p7s Description: S/MIME cryptographic signature