Re: Reroute Dependabot emails to a separate separate list
By the way, I found an example config file that customized notification emails to use subjects that are more commonly supported by email clients to turn them into threads properly: https://github.com/apache/plc4x/blob/develop/.asf.yaml > On Feb 16, 2023, at 12:14 PM, Matt Sicker wrote: > > My mail server doesn’t offer sophisticated enough filtering to properly > filter out that sort of thing. For example, while I can set up a filter > around Dependabot itself, that doesn’t handle all the automated emails in > response to that such as a committer merging the update. And that’s besides > the GitHub notification emails having such terrible subjects that they’re > hardly useful to read without opening the email itself. > > Now that we have the tools to do it, I think we should. If there are no > objections, I’ll look into configuring this sometime soon (though still > fairly busy at work until the end of the month). > >> On Feb 15, 2023, at 10:20 PM, Ralph Goers wrote: >> >> I was able to set up filtering at my mail server to route all the automated >> stuff to other folders. However, The Jira stuff still gets mixed in with >> GitHub stuff. But the more we can do to separate the noise the better. >> >> Ralph >> >>> On Feb 15, 2023, at 1:06 PM, Matt Sicker wrote: >>> >>> Seems as though the .asf.yaml file now supports not only redirecting the >>> bot emails to another list, but we can reconfigure the subjects generated >>> in the GitHub notifications which are otherwise nearly useless to skim over. >>> >>> I still can’t keep up with this project very well anymore because of the >>> Dependabot flooding. >>> — >>> Matt Sicker >>> On Feb 6, 2023, at 11:35, Matt Sicker wrote: I don’t want to get rid of the bot; it’s very useful. I just don’t want its notifications in my inbox, especially since they’re nearly impossible to filter without false positives (e.g., I can filter email from the bot itself, but then I still get emails from anyone here who interacts with the bot when dealing with its PRs which ends up flooding the notifications list, too). It’s simple enough to view the pull requests tab on GitHub once in a while to handle dependency updates (especially before beginning the release process). The rest of the notification activity we get is low volume enough that I should be able to follow it on a daily basis (and is how I typically notice new issues filed, new pull requests, etc). > On Feb 6, 2023, at 2:50 AM, Volkan Yazıcı wrote: > > I wouldn't aim for an exhaustive list. Your compilation is better than > what > we have right now, which is nothing. If we encounter something new, we can > extend this list. > > I think your changes could very well live in the official repository. I > don't think the disruption is big enough to warrant work in a fork. But > you > can decide this yourself. > > On Mon, Feb 6, 2023 at 9:37 AM Piotr P. Karwasz > wrote: > >> Hi Volkan, >> >> On Mon, 6 Feb 2023 at 08:55, Volkan Yazıcı wrote: >>> >>> You can configure dependabot to ignore certain major versions or update >>> types >>> < >> https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore >>> >>> : >>> >>> ... >>> >>> Doesn't this help you with your concern? >> >> That is exactly what I have done: >> >> https://github.com/ppkarwasz/logging-log4j2/blob/2.x/.github/dependabot.yml >> >> My main concern is: >> >> * is this list (mostly) complete? >> * for some dependencies (e.g. `slf4j-api`) we use multiple (1.7.25, >> latest 1.7.x and latest 2.x) versions depending on the module. >> >> I'll let Dependabot run for a couple of weeks on my fork, before >> submitting a PR to the main repo. >> >> Piotr >> >>> >> >
[VOTE] Release Apache Log4j 2.20.0-rc1
This is a vote to release Log4j 2.20.0, the next version of the Log4j 2 project. Please download, test, and cast your votes on the log4j developers list. [] +1, release the artifacts [] -1, don't release because... The vote will remain open for 72 hours. All votes are welcome and we encourage everyone to test the release, but only Logging PMC votes are “officially” counted. As always, at least 3 +1 votes and more positive than negative votes are required. Changes in this version include: Added • Add support for timezones in RollingFileAppender date pattern (for LOG4J2-1631 by Piotr P. Karwasz, Danas Mikelinskas) • Add LogEvent timestamp to ProducerRecord in KafkaAppender (for LOG4J2-2678 by Piotr P. Karwasz, Federico D’Ambrosio) • Add PatternLayout support for abbreviating the name of all logger components except the 2 rightmost (for LOG4J2-2785 by Ralph Goers, Markus Spann) • Removes internal field that leaked into public API. (for LOG4J2-3615 by Piotr P. Karwasz) • Add a LogBuilder#logAndGet() method to emulate the Logger#traceEntry method. (for LOG4J2-3645 by Piotr P. Karwasz) Changed • Simplify site generation (for 1166 by Volkan Yazıcı • Switch the issue tracker from JIRA to GitHub Issues (for 1172 by Volkan Yazıcı) • Remove liquibase-log4j2 maven module (for 1193 by StevenMassaro) • Fix order of stacktrace elements, that causes cache misses in ThrowableProxyHelper. (for 1214 by alex-dubrouski, Piotr P. Karwasz) • Switch from com.sun.mail to Eclipse Angus. (for LOG4J2-3554 by Oleh Astappiev, Piotr P. Karwasz) • Add Log4j2 Core as default runtime dependency of the SLF4J2-to-Log4j2 API bridge. (for LOG4J2-3601 by afs, Piotr P. Karwasz) • Replace maven-changes-plugin with a custom changelog implementation (for LOG4J2-3628 by Volkan Yazıcı) Deprecated • Deprecate support for package scanning for plugins (for LOG4J2-3644 by Ralph Goers) Fixed • Copy programmatically supplied location even if includeLocation="false". (for 1197 by Piotr P. Karwasz) • Eliminate status logger warning, when disableAnsi or noConsoleNoAnsi is used the style and highlight patterns. (for 1202 by wleese, Piotr P. Karwasz) • Fix detection of location requirements in RewriteAppender. (for 1274 by amirhadadi, Piotr P. Karwasz) • Replace regex with manual code to escape characters in Rfc5424Layout. (for 1277 by adwsingh) • Fix java.sql.Time object formatting in MapMessage (for LOG4J2-2297 by Ralph Goers) • Fix previous fire time computation in CronTriggeringPolicy (for LOG4J2-3357 by Ralph Goers) • Correct default to not include location for AsyncRootLoggers (for LOG4J2-3487 by Ralph Goers, Dave Messink) • Lazily evaluate the level of a SLF4J LogEventBuilder (for LOG4J2-3598 by Piotr P. Karwasz) • Fixes priority of Legacy system properties, which are now back to having higher priority than Environment variables. (for LOG4J2-3615 by adwsingh, Piotr P. Karwasz) • Protects ServiceLoaderUtil from unchecked ServiceLoader exceptions. (for LOG4J2-3624 by Piotr P. Karwasz) • Fix Configurator#setLevel for internal classes (for LOG4J2-3631 by Piotr P. Karwasz, Jeff Thomas) • Fix level propagation in Log4jBridgeHandler (for LOG4J2-3634 by Piotr P. Karwasz, Marcel Koch) • Disable OsgiServiceLocator if not running in OSGI container. (for LOG4J2-3642 by adwsingh, Piotr P. Karwasz) • When using a Date Lookup in the file pattern the current time should be used. (for LOG4J2-3643 by Ralph Goers) • Fixed LogBuilder filtering in the presence of global filters. (for LOG4J2-3647 by Piotr P. Karwasz) Tag: a) for a new copy do "git clone https://github.com/apache/logging-log4j2.git and then "git checkout tags/log4j-2.20.0-rc1” or just "git clone -b log4j-2.20.0-rc1 https://github.com/apache/logging-log4j2.git"; b) for an existing working copy to “git pull” and then “git checkout tags/log4j-2.20.0-rc1” Web Site: https://logging.staged.apache.org/log4j/2.x/index.html. Maven Artifacts: https://repository.apache.org/content/repositories/orgapachelogging-1098/ Distribution archives: https://dist.apache.org/repos/dist/dev/logging/log4j/ You may download all the Maven artifacts by executing: wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate https://repository.apache.org/content/repositories/orgapachelogging-1098/org/apache/logging/log4j/ Ralph
