-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable Dependabot v2 #5077
enable Dependabot v2 #5077
Conversation
Signed-off-by: Sean C. Sullivan <github@seansullivan.com>
Dependabot warnings and notices are already enabled for this project. However, due to legal reasons, we do not support the features of dependabot that automatically updates the dependencies in the project. |
He could explain what this does, and what he hopes for the project. We already have the dependabot warnings and notices enabled for this project for incoming changes. If this PR is meant to automatically upgrade our dependencies, that we cannot support due to Eclipse Legal and lack of ECA in that process. I'll give the OP 24 hours to reply, if I don't get anything i'm closing this PR. |
we will get a lot of (noisy?) pr to update our external dependencies such maven plugins, librairies(mongo, hazelcast) |
@joakime this doesn't update automatically the project but create PR so we can look if it need some Eclipse IP request. |
@olamy the generated PRs are not building and they are targeting 10, when 9 with merge forward would be better. Could we just change this to a weekly or monthly report? |
@gregw already changed to weekly 084db19 |
https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/