Hi, Why do we ignore PRs from dependabot? Generally, dependabot is useful to avoid security vulnerability.
Thanks, -- kou In <CAGvDy=qp=o4+uc7aq8g_nhvfwhgfm_804xkv7dvb2r4vosx...@mail.gmail.com> "[DISCUSS] Disable dependabot automated PRs" on Thu, 21 Jul 2022 15:35:57 +0200, Raul Cumplido Dominguez <r...@voltrondata.com.INVALID> wrote: > Hi, > > There was a discussion on Zulip dev about disabling dependabot alerts and > updates [1] > > Based on this Apache INFRA wiki page we should be able to disable them [2]. > > There are currently several open PRs from dependabot [3]. > > We don't seem to use them so I would like to close the current PRs and try > to disable them. > > I don't think a VOTE is required for this but I wanted to validate if this > is ok. > > Thanks, > Raúl > > [1] > https://ursalabs.zulipchat.com/#narrow/stream/180245-dev/topic/Dependabot > [2] > https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates > [3] https://github.com/apache/arrow/pulls/app%2Fdependabot