one unintended effect of reopening Git repositories for https://issues.apache.org/jira/browse/ATTIC-234 is that dependabot is activating again
Is the work on ATTIC-234, just need to archive the Git repositories again? or should we do something to deactivate Dependabot? Regards, Hervé Le jeudi 22 mai 2025, 20:50:36 CEST dependabot[bot] (via GitHub) a écrit : > dependabot[bot] opened a new pull request, #647: > URL: https://github.com/apache/usergrid/pull/647 > > Bumps > [org.eclipse.jgit:org.eclipse.jgit](https://github.com/eclipse-jgit/jgit) > from 3.1.0.201310021548-r to 7.2.1.202505142326-r. <details> > <summary>Commits</summary> > <ul> > <li><a > href="https://github.com/eclipse-jgit/jgit/commit/c212ced3806862cacfa8cb85c > f221061c7898b91"><code>c212ced</code></a> JGit v7.2.1.202505142326-r</li> > <li><a > href="https://github.com/eclipse-jgit/jgit/commit/c6fc3607079022e95b018b60c > 830b3da63bf6fef"><code>c6fc360</code></a> AmazonS3: Do not accept DOCTYPE > and entities</li> <li><a > href="https://github.com/eclipse-jgit/jgit/commit/dab4f52d49a4638142027b916 > e31a5a470df7f03"><code>dab4f52</code></a> ManifestParser: Do not accept > DOCTYPE and entities</li> <li><a > href="https://github.com/eclipse-jgit/jgit/commit/46a6378789fdc75e5b00d8009 > b136462bdd97174"><code>46a6378</code></a> Fix package name of spring boot > JarLauncher class in jgit.sh</li> <li><a > href="https://github.com/eclipse-jgit/jgit/commit/79736e412e971cea1d034e18d > 784f1d4d12b3a0f"><code>79736e4</code></a> Prepare 7.2.1-SNAPSHOT builds</li> > <li><a > href="https://github.com/eclipse-jgit/jgit/commit/fddef06ccb0034b6b747a6253 > 2025d3d712dbe47"><code>fddef06</code></a> JGit v7.2.0.202503040940-r</li> > <li><a > href="https://github.com/eclipse-jgit/jgit/commit/c43126fc84a5f123b2dec8afe > 1b3815ffba865d0"><code>c43126f</code></a> JGit v7.2.0.202503040805-r</li> > <li><a > href="https://github.com/eclipse-jgit/jgit/commit/28136bc499832d6031e1b99d9 > 8d0328c17d469d3"><code>28136bc</code></a> CacheRegion: fix non translatable > text warnings</li> <li><a > href="https://github.com/eclipse-jgit/jgit/commit/1468a80ff7859995c3a2e2018 > bbfea81312c76e9"><code>1468a80</code></a> Merge branch 'master' into > stable-7.2</li> <li><a > href="https://github.com/eclipse-jgit/jgit/commit/4ef88700db1da4ab07917b084 > 057769a43735682"><code>4ef8870</code></a> Ensure access to autoRefresh is > thread-safe</li> <li>Additional commits viewable in <a > href="https://github.com/eclipse-jgit/jgit/compare/v3.1.0.201310021548-r... > v7.2.1.202505142326-r">compare view</a></li> </ul> > </details> > <br /> > > > [](https:// > docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot > -security-updates#about-compatibility-scores) > > Dependabot will resolve any conflicts with this PR as long as you don't > alter it yourself. You can also trigger a rebase manually by commenting > `@dependabot rebase`. > > [//]: # (dependabot-automerge-start) > [//]: # (dependabot-automerge-end) > > --- > > <details> > <summary>Dependabot commands and options</summary> > <br /> > > You can trigger Dependabot actions by commenting on this PR: > - `@dependabot rebase` will rebase this PR > - `@dependabot recreate` will recreate this PR, overwriting any edits > that have been made to it - `@dependabot merge` will merge this PR after > your CI passes on it - `@dependabot squash and merge` will squash and merge > this PR after your CI passes on it - `@dependabot cancel merge` will cancel > a previously requested merge and block automerging - `@dependabot reopen` > will reopen this PR if it is closed > - `@dependabot close` will close this PR and stop Dependabot recreating > it. You can achieve the same result by closing it manually - `@dependabot > show <dependency name> ignore conditions` will show all of the ignore > conditions of the specified dependency - `@dependabot ignore this major > version` will close this PR and stop Dependabot creating any more for this > major version (unless you reopen the PR or upgrade to it yourself) - > `@dependabot ignore this minor version` will close this PR and stop > Dependabot creating any more for this minor version (unless you reopen the > PR or upgrade to it yourself) - `@dependabot ignore this dependency` will > close this PR and stop Dependabot creating any more for this dependency > (unless you reopen the PR or upgrade to it yourself) You can disable > automated security fix PRs for this repo from the [Security Alerts > page](https://github.com/apache/usergrid/network/alerts). > > </details>