apache
diff --git a/‎.asf.yaml‎
Lines changed: 60 additions & 0 deletions b/‎.asf.yaml‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/question.md‎
Lines changed: 2 additions & 2 deletions b/‎.github/ISSUE_TEMPLATE/question.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/dependabot.yaml‎
Lines changed: 176 additions & 137 deletions b/‎.github/dependabot.yaml‎
Lines changed: 176 additions & 137 deletions
@@ -0,0 +1,60 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# `.asf.yaml` is a branch-specific YAML configuration file for Git repositories to control features such as notifications, GitHub settings, etc.
+# See its documentation for details: https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features
+
+# Bare minimum `notifications` to
+#
+# 1. Forward GitHub _activity_ to `notifications@`
+# 2. Forward commits to `commits@`
+# 3. Forward `dependabot` PRs to `robots@`
+#
+# Note that `notifications` are merged with the defaults accessible from: https://gitbox.apache.org/schemes.cgi?logging-log4j2
+notifications:
+  commits: commits@logging.apache.org
+  issues: notifications@logging.apache.org
+  pullrequests: notifications@logging.apache.org
+  pullrequests_bot_dependabot: robots@logging.apache.org
+  jira_options: link label worklog
+
+github:
+  description: "Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java."
+  homepage: https://logging.apache.org/log4j/2.x
+  features:
+    issues: true
+  del_branch_on_merge: true
+  autolink_jira:
+    - LOG4J2
+  labels:
+    - apache
+    - api
+    - java
+    - jvm
+    - library
+    - log4j
+    - log4j2
+    - logging
+    - logger
+    - api
+    - syslog
+
+  protected_branches:
+    main:
+      required_signatures: true
+    2.x:
+      required_signatures: true
@@ -3,6 +3,6 @@ name: Question
 about: Ask a question
 ---
 
-As clearly indicated in [the Log4j support page](https://logging.apache.org/log4j/2.x/support.html#issues), **please use mailing lists for questions!**
+As clearly indicated in [the Log4j support page](https://logging.apache.org/log4j/2.x/support.html#issues), **please use either GitHub Discussions or mailing lists for questions!**
 
-Issues asking questions will be removed, and you will be asked to post questions to the mailing lists instead.
+Issues asking questions will be removed, and asked to post questions to GitHub Discussions or mailing lists instead.
@@ -14,150 +14,189 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+
+#
+# ██     ██  █████  ██████  ███    ██ ██ ███    ██  ██████  ██
+# ██     ██ ██   ██ ██   ██ ████   ██ ██ ████   ██ ██       ██
+# ██  █  ██ ███████ ██████  ██ ██  ██ ██ ██ ██  ██ ██   ███ ██
+# ██ ███ ██ ██   ██ ██   ██ ██  ██ ██ ██ ██  ██ ██ ██    ██
+#  ███ ███  ██   ██ ██   ██ ██   ████ ██ ██   ████  ██████  ██
+#
+# `dependabot.yaml` must be stored in the `.github` directory of the default branch[1].
+#
+#  1. Make all your changes to this file!
+#     Don't create another `dependabot.yaml` – it will simply be discarded.
+#
+#  2. Always associate your entries to a branch!
+#     For instance, use `target-branch` in `updates` entries
+#
+# [1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+#
+
 version: 2
-# Add Maven Central explicitly to work around:
-#   https://github.com/dependabot/dependabot-core/issues/8329
+
+# Fix the Maven Central to the ASF repository to work around: https://github.com/dependabot/dependabot-core/issues/8329
 registries:
   maven-central:
     type: maven-repository
     url: https://repo.maven.apache.org/maven2
 
 updates:
-- package-ecosystem: maven
-  directory: "/"
-  open-pull-requests-limit: 10
-  schedule:
-    interval: "daily"
-  target-branch: "2.x"
-  registries:
-    - maven-central
-  ignore:
-    # Jetty 10.x does not have an internal logging API
-    - dependency-name: "org.eclipse.jetty:*"
-      update-types: ["version-update:semver-major"]
-    # EclipseLink 3.x is Jakarta EE 9
-    - dependency-name: "org.eclipse.persistence:*"
-      update-types: ["version-update:semver-major"]
-    # Spring 6.x is Jakarta EE 9
-    - dependency-name: "org.springframework:*"
-      update-types: ["version-update:semver-major"]
-    # Spring Boot 3.x is Jakarta EE 9
-    - dependency-name: "org.springframework.boot:*"
-      update-types: ["version-update:semver-major"]
-    # Spring Cloud 2022.x is Jakarta EE 9
-    - dependency-name: "org.springframework.cloud:*"
-      update-types: ["version-update:semver-major"]
-    # Tomcat Juli 10.1.x requires Java 11
-    - dependency-name: "org.apache.tomcat:*"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-    # Keep Logback version 1.2.x
-    - dependency-name: "ch.qos.logback:*"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-    # Mockito 5.x requires Java 11
-    - dependency-name: "org.mockito:*"
-      update-types: ["version-update:semver-major"]
-    # JUnit Pioneer 2.x requires Java 11
-    - dependency-name: "org.junit-pioneer:*"
-      update-types: ["version-update:semver-major"]
-    # Apache Cassandra: keep version 3.x
-    - dependency-name: "org.apache.cassandra:*"
-      versions: ["[4.0.0,)"]
-    # Kubernetes: keep version 5.x
-    - dependency-name: "io.fabric8:*"
-      versions: ["[6.0.0,)"]
-    # `com.conversantmedia:disruptor` 1.2.16 requires Java 9
-    - dependency-name: "com.conversantmedia:disruptor"
-      versions: ["[1.2.16,)"]
-    # Keep Jakarta EE at version 9.0
-    - dependency-name: "jakarta.platform:*"
-      versions: ["[10.0.0,)"]
-    # OpenRewrite is quite noisy. Let us skip patch and minor updates:
-    - dependency-name: "org.openrewrite:*"
-      update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    - dependency-name: "org.openrewrite.maven:*"
-      update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    - dependency-name: "org.openrewrite.recipe:*"
-      update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    # Json Unit 3.x requires Java 17
-    - dependency-name: "net.javacrumbs.json-unit:*"
-      versions: ["[3.0.0,)"]
-    # Update both `disruptor.version` to latest 3.x version
-    # and `disruptor4.version` to latest 4.x version
-    - dependency-name: "com.lmax:disruptor"
-      update-types: ["version-update:semver-major"]
-    # WebCompere System Stubs requires Java 11
-    - dependency-name: "uk.org.webcompere:*"
-      versions: ["2.1.0,)"]
-    # SLF4J 1.7.x should only upgrade to 1.7.x and
-    # SLF4J 2.x should only upgrade to 2.x.
-    - dependency-name: "org.slf4j:slf4j-api"
-      update-types: ["version-update:semver-major"]
-    # Plexus Utils 4.x are for Maven 4.x
-    - dependency-name: "org.codehaus.plexus:plexus-utils"
-      versions: ["4,)"]
 
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: "daily"
-  target-branch: "2.x"
+  - package-ecosystem: maven
+    directory: "/"
+    open-pull-requests-limit: 10
+    schedule:
+      interval: "daily"
+    target-branch: "2.x"
+    registries:
+      - maven-central
+    ignore:
+      # Jetty 10.x does not have an internal logging API
+      - dependency-name: "org.eclipse.jetty:*"
+        update-types: [ "version-update:semver-major" ]
+      # EclipseLink 3.x is Jakarta EE 9
+      - dependency-name: "org.eclipse.persistence:*"
+        update-types: [ "version-update:semver-major" ]
+      # Spring 6.x is Jakarta EE 9
+      - dependency-name: "org.springframework:*"
+        update-types: [ "version-update:semver-major" ]
+      # Spring Boot 3.x is Jakarta EE 9
+      - dependency-name: "org.springframework.boot:*"
+        update-types: [ "version-update:semver-major" ]
+      # Spring Cloud 2022.x is Jakarta EE 9
+      - dependency-name: "org.springframework.cloud:*"
+        update-types: [ "version-update:semver-major" ]
+      # Tomcat Juli 10.1.x requires Java 11
+      - dependency-name: "org.apache.tomcat:*"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+      # Keep Logback version 1.2.x
+      - dependency-name: "ch.qos.logback:*"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+      # Mockito 5.x requires Java 11
+      - dependency-name: "org.mockito:*"
+        update-types: [ "version-update:semver-major" ]
+      # JUnit Pioneer 2.x requires Java 11
+      - dependency-name: "org.junit-pioneer:*"
+        update-types: [ "version-update:semver-major" ]
+      # Apache Cassandra: keep version 3.x
+      - dependency-name: "org.apache.cassandra:*"
+        versions: [ "[4.0.0,)" ]
+      # Kubernetes: keep version 5.x
+      - dependency-name: "io.fabric8:*"
+        versions: [ "[6.0.0,)" ]
+      # `com.conversantmedia:disruptor` 1.2.16 requires Java 9
+      - dependency-name: "com.conversantmedia:disruptor"
+        versions: [ "[1.2.16,)" ]
+      # Keep Jakarta EE at version 9.0
+      - dependency-name: "jakarta.platform:*"
+        versions: [ "[10.0.0,)" ]
+      # OpenRewrite is quite noisy. Let us skip patch and minor updates:
+      - dependency-name: "org.openrewrite:*"
+        update-types: [ "version-update:semver-minor", "version-update:semver-patch" ]
+      - dependency-name: "org.openrewrite.maven:*"
+        update-types: [ "version-update:semver-minor", "version-update:semver-patch" ]
+      - dependency-name: "org.openrewrite.recipe:*"
+        update-types: [ "version-update:semver-minor", "version-update:semver-patch" ]
+      # Json Unit 3.x requires Java 17
+      - dependency-name: "net.javacrumbs.json-unit:*"
+        versions: [ "[3.0.0,)" ]
+      # Update both `disruptor.version` to latest 3.x version
+      # and `disruptor4.version` to latest 4.x version
+      - dependency-name: "com.lmax:disruptor"
+        update-types: [ "version-update:semver-major" ]
+      # WebCompere System Stubs requires Java 11
+      - dependency-name: "uk.org.webcompere:*"
+        versions: [ "2.1.0,)" ]
+      # SLF4J 1.7.x should only upgrade to 1.7.x and
+      # SLF4J 2.x should only upgrade to 2.x.
+      - dependency-name: "org.slf4j:slf4j-api"
+        update-types: [ "version-update:semver-major" ]
+      # Plexus Utils 4.x are for Maven 4.x
+      - dependency-name: "org.codehaus.plexus:plexus-utils"
+        versions: [ "4,)" ]
+      # MongoDB 3.x should only upgrade to 3.x and
+      # MongoDB 4.x should only upgrade to 4.x
+      - dependency-name: "org.mongodb:*"
+        update-types: [ "version-update:semver-major" ]
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "2.x"
+
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "2.x"
+
+  - package-ecosystem: maven
+    directory: "/"
+    open-pull-requests-limit: 10
+    schedule:
+      interval: "daily"
+    target-branch: "main"
+    registries:
+      - maven-central
+    ignore:
+      # Jetty 10.x does not have an internal logging API
+      - dependency-name: "org.eclipse.jetty:*"
+        update-types: [ "version-update:semver-major" ]
+      # EclipseLink 3.x is Jakarta EE 9
+      - dependency-name: "org.eclipse.persistence:*"
+        update-types: [ "version-update:semver-major" ]
+      # Spring 6.x is Jakarta EE 9
+      - dependency-name: "org.springframework:*"
+        update-types: [ "version-update:semver-major" ]
+      # Spring Boot 3.x is Jakarta EE 9
+      - dependency-name: "org.springframework.boot:*"
+        update-types: [ "version-update:semver-major" ]
+      # Spring Cloud 2022.x is Jakarta EE 9
+      - dependency-name: "org.springframework.cloud:*"
+        update-types: [ "version-update:semver-major" ]
+      # Keep Logback version 1.2.x
+      - dependency-name: "ch.qos.logback:*"
+        update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+      # Apache Cassandra: keep version 3.x
+      - dependency-name: "org.apache.cassandra:*"
+        versions: [ "[4.0.0,)" ]
+      # Kubernetes: keep version 5.x
+      - dependency-name: "io.fabric8:*"
+        versions: [ "[6.0.0,)" ]
+      # Keep Jakarta EE at version 9.0
+      - dependency-name: "jakarta.platform:*"
+        versions: [ "[10.0.0,)" ]
+      # OpenRewrite is quite noisy. Let us skip patch and minor updates:
+      - dependency-name: "org.openrewrite:*"
+        update-types: [ "version-update:semver-minor", "version-update:semver-patch" ]
+      - dependency-name: "org.openrewrite.maven:*"
+        update-types: [ "version-update:semver-minor", "version-update:semver-patch" ]
+      - dependency-name: "org.openrewrite.recipe:*"
+        update-types: [ "version-update:semver-minor", "version-update:semver-patch" ]
+      # Json Unit 3.x requires Java 17
+      - dependency-name: "net.javacrumbs.json-unit:*"
+        versions: [ "[3.0.0,)" ]
+      # SLF4J 1.7.x should only upgrade to 1.7.x and
+      # SLF4J 2.x should only upgrade to 2.x.
+      - dependency-name: "org.slf4j:slf4j-api"
+        update-types: [ "version-update:semver-major" ]
+      # Plexus Utils 4.x are for Maven 4.x
+      - dependency-name: "org.codehaus.plexus:plexus-utils"
+        versions: [ "[4,)" ]
+      # Don't upgrade to 3.x
+      - dependency-name: "org.apache.logging.log4j:log4j-api"
+        versions: [ "[3,)" ]
 
-- package-ecosystem: maven
-  directory: "/"
-  open-pull-requests-limit: 10
-  schedule:
-    interval: "daily"
-  target-branch: "main"
-  registries:
-    - maven-central
-  ignore:
-    # Jetty 10.x does not have an internal logging API
-    - dependency-name: "org.eclipse.jetty:*"
-      update-types: ["version-update:semver-major"]
-    # EclipseLink 3.x is Jakarta EE 9
-    - dependency-name: "org.eclipse.persistence:*"
-      update-types: ["version-update:semver-major"]
-    # Spring 6.x is Jakarta EE 9
-    - dependency-name: "org.springframework:*"
-      update-types: ["version-update:semver-major"]
-    # Spring Boot 3.x is Jakarta EE 9
-    - dependency-name: "org.springframework.boot:*"
-      update-types: ["version-update:semver-major"]
-    # Spring Cloud 2022.x is Jakarta EE 9
-    - dependency-name: "org.springframework.cloud:*"
-      update-types: ["version-update:semver-major"]
-    # Keep Logback version 1.2.x
-    - dependency-name: "ch.qos.logback:*"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-    # Apache Cassandra: keep version 3.x
-    - dependency-name: "org.apache.cassandra:*"
-      versions: ["[4.0.0,)"]
-    # Kubernetes: keep version 5.x
-    - dependency-name: "io.fabric8:*"
-      versions: ["[6.0.0,)"]
-    # Keep Jakarta EE at version 9.0
-    - dependency-name: "jakarta.platform:*"
-      versions: ["[10.0.0,)"]
-    # OpenRewrite is quite noisy. Let us skip patch and minor updates:
-    - dependency-name: "org.openrewrite:*"
-      update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    - dependency-name: "org.openrewrite.maven:*"
-      update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    - dependency-name: "org.openrewrite.recipe:*"
-      update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    # Json Unit 3.x requires Java 17
-    - dependency-name: "net.javacrumbs.json-unit:*"
-      versions: ["[3.0.0,)"]
-    # SLF4J 1.7.x should only upgrade to 1.7.x and
-    # SLF4J 2.x should only upgrade to 2.x.
-    - dependency-name: "org.slf4j:slf4j-api"
-      update-types: ["version-update:semver-major"]
-    # Plexus Utils 4.x are for Maven 4.x
-    - dependency-name: "org.codehaus.plexus:plexus-utils"
-      versions: ["4,)"]
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "main"
 
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: "daily"
-  target-branch: "main"
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "main"