-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Dependabot #21092
Add Dependabot #21092
Conversation
ottnorml
commented
Oct 5, 2023
•
edited by penev92
edited by penev92
Thanks, but internal discussion came to the conclusion that we can't just automatically update dependencies. |
First of all, thanks to @abcdefg30 for the
Now that I have shown the extent of the dependencies, the small number of current updates, and the low probability of timely release of further updates, it is easier to estimate the effort to be expected in the future and move on to the next topic.
I hope that I could convince you with my arguments to give Dependabot a chance and just give it a try. So what can go wrong? Many greetings P.S.: |
P.P.S: |
Still, there is value in getting notified of a new version. What happens when we find out that we cannot use a new version, would dependabot regularly open PRs for it? Is it possible to open an issue instead? (And just one then.) |
A PR is better. The spamming issue is a separate out |