You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@logging.apache.org by Gary Gregory <ga...@gmail.com> on 2020/08/26 13:41:55 UTC

Re: [apache/logging-log4j2] Bump jetty-util from 8.2.0.v20160908 to 9.4.31.v20200723 (#393)

Hi Volkan,

May you please document this version change in changes.xml?

Gary

On Wed, Aug 26, 2020 at 4:59 AM Volkan Yazıcı <no...@github.com>
wrote:

> Merged #393 <https://github.com/apache/logging-log4j2/pull/393> into
> master.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <https://github.com/apache/logging-log4j2/pull/393#event-3693751051>, or
> unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAJB6NYYXZF72X4P3YYTTN3SCTFG7ANCNFSM4PMX6K2Q>
> .
>

Re: [apache/logging-log4j2] Bump jetty-util from 8.2.0.v20160908 to 9.4.31.v20200723 (#393)

Posted by Volkan Yazıcı <vo...@gmail.com>.

Done.

On Wed, Aug 26, 2020 at 3:42 PM Gary Gregory <ga...@gmail.com> wrote:

> Hi Volkan,
>
> May you please document this version change in changes.xml?
>
> Gary
>
> On Wed, Aug 26, 2020 at 4:59 AM Volkan Yazıcı <no...@github.com>
> wrote:
>
> > Merged #393 <https://github.com/apache/logging-log4j2/pull/393> into
> > master.
> >
> > —
> > You are receiving this because you are subscribed to this thread.
> > Reply to this email directly, view it on GitHub
> > <https://github.com/apache/logging-log4j2/pull/393#event-3693751051>, or
> > unsubscribe
> > <
> https://github.com/notifications/unsubscribe-auth/AAJB6NYYXZF72X4P3YYTTN3SCTFG7ANCNFSM4PMX6K2Q
> >
> > .
> >
>

Re: [apache/logging-log4j2] Bump jetty-util from 8.2.0.v20160908 to 9.4.31.v20200723 (#393)

Posted by Gary Gregory <ga...@gmail.com>.

I like to keep changes.xml in sync with the code/POM otherwise it's an
extra step/hassle to review git history before you cut a RC assuming you
even remember to do it ;-) but that's just me and I usually don't cut RCs
for Log4j.

Gary


On Wed, Aug 26, 2020, 10:06 Volkan Yazıcı <vo...@gmail.com> wrote:

> Hey Gary,
>
> Thanks for sparing time to check the changes. I was sort of sitting on the
> fence for what to do about them. I have also merged a couple of other
> dependabot PRs. Jackson, Apache Felix, JCTools, etc. libraries are upgraded
> as well. Though looking at changes.xml, for instance, I see two "Update
> Jackson from <old> to <new>." entries within the same <release
> version="3.0.0" ...> block. I thought documenting dependency upgrades just
> before cutting a new release. So shall we document dependency upgrades
>
>    1. right on the spot, allowing only a single entry?
>    2. right on the spot, allowing multiple entries? (e.g., Jackson example
>    above.)
>    3. prior to a release?
>
> Do we have a policy/convention for this? Unless there is, I'd vote for the
> 3rd option.
>
> Kind regards?
>
> On Wed, Aug 26, 2020 at 3:42 PM Gary Gregory <ga...@gmail.com>
> wrote:
>
> > Hi Volkan,
> >
> > May you please document this version change in changes.xml?
> >
> > Gary
> >
> > On Wed, Aug 26, 2020 at 4:59 AM Volkan Yazıcı <no...@github.com>
> > wrote:
> >
> > > Merged #393 <https://github.com/apache/logging-log4j2/pull/393> into
> > > master.
> > >
> > > —
> > > You are receiving this because you are subscribed to this thread.
> > > Reply to this email directly, view it on GitHub
> > > <https://github.com/apache/logging-log4j2/pull/393#event-3693751051>,
> or
> > > unsubscribe
> > > <
> >
> https://github.com/notifications/unsubscribe-auth/AAJB6NYYXZF72X4P3YYTTN3SCTFG7ANCNFSM4PMX6K2Q
> > >
> > > .
> > >
> >
>

Re: [apache/logging-log4j2] Bump jetty-util from 8.2.0.v20160908 to 9.4.31.v20200723 (#393)

Posted by Matt Sicker <bo...@gmail.com>.

I've asked this before, and Gary had mentioned that he liked showing
that we had tested Log4j with each of those dependency updates. That
way, users aren't forced to upgrade all their dependencies when
unnecessary.

On Wed, 26 Aug 2020 at 09:06, Volkan Yazıcı <vo...@gmail.com> wrote:
>
> Hey Gary,
>
> Thanks for sparing time to check the changes. I was sort of sitting on the
> fence for what to do about them. I have also merged a couple of other
> dependabot PRs. Jackson, Apache Felix, JCTools, etc. libraries are upgraded
> as well. Though looking at changes.xml, for instance, I see two "Update
> Jackson from <old> to <new>." entries within the same <release
> version="3.0.0" ...> block. I thought documenting dependency upgrades just
> before cutting a new release. So shall we document dependency upgrades
>
>    1. right on the spot, allowing only a single entry?
>    2. right on the spot, allowing multiple entries? (e.g., Jackson example
>    above.)
>    3. prior to a release?
>
> Do we have a policy/convention for this? Unless there is, I'd vote for the
> 3rd option.
>
> Kind regards?
>
> On Wed, Aug 26, 2020 at 3:42 PM Gary Gregory <ga...@gmail.com> wrote:
>
> > Hi Volkan,
> >
> > May you please document this version change in changes.xml?
> >
> > Gary
> >
> > On Wed, Aug 26, 2020 at 4:59 AM Volkan Yazıcı <no...@github.com>
> > wrote:
> >
> > > Merged #393 <https://github.com/apache/logging-log4j2/pull/393> into
> > > master.
> > >
> > > —
> > > You are receiving this because you are subscribed to this thread.
> > > Reply to this email directly, view it on GitHub
> > > <https://github.com/apache/logging-log4j2/pull/393#event-3693751051>, or
> > > unsubscribe
> > > <
> > https://github.com/notifications/unsubscribe-auth/AAJB6NYYXZF72X4P3YYTTN3SCTFG7ANCNFSM4PMX6K2Q
> > >
> > > .
> > >
> >



-- 
Matt Sicker <bo...@gmail.com>

Re: [apache/logging-log4j2] Bump jetty-util from 8.2.0.v20160908 to 9.4.31.v20200723 (#393)

Posted by Volkan Yazıcı <vo...@gmail.com>.

Hey Gary,

Thanks for sparing time to check the changes. I was sort of sitting on the
fence for what to do about them. I have also merged a couple of other
dependabot PRs. Jackson, Apache Felix, JCTools, etc. libraries are upgraded
as well. Though looking at changes.xml, for instance, I see two "Update
Jackson from <old> to <new>." entries within the same <release
version="3.0.0" ...> block. I thought documenting dependency upgrades just
before cutting a new release. So shall we document dependency upgrades

   1. right on the spot, allowing only a single entry?
   2. right on the spot, allowing multiple entries? (e.g., Jackson example
   above.)
   3. prior to a release?

Do we have a policy/convention for this? Unless there is, I'd vote for the
3rd option.

Kind regards?

On Wed, Aug 26, 2020 at 3:42 PM Gary Gregory <ga...@gmail.com> wrote:

> Hi Volkan,
>
> May you please document this version change in changes.xml?
>
> Gary
>
> On Wed, Aug 26, 2020 at 4:59 AM Volkan Yazıcı <no...@github.com>
> wrote:
>
> > Merged #393 <https://github.com/apache/logging-log4j2/pull/393> into
> > master.
> >
> > —
> > You are receiving this because you are subscribed to this thread.
> > Reply to this email directly, view it on GitHub
> > <https://github.com/apache/logging-log4j2/pull/393#event-3693751051>, or
> > unsubscribe
> > <
> https://github.com/notifications/unsubscribe-auth/AAJB6NYYXZF72X4P3YYTTN3SCTFG7ANCNFSM4PMX6K2Q
> >
> > .
> >
>