As already said +1000 Le sam. 19 oct. 2024 à 12:35, Mark Struberg <strub...@yahoo.de.invalid> a écrit :
> hi! > > I feel like dependabot ist mostly generating spam on PRs and on the > mailing lists. Looking at CXF for example you almost don't see any 'normal' > traffic anymore. And even at OWB it's mostly false positives as dependabot > doesn't work properly with all those apis targeting different JakartaEE > spec versions. > > And for other stuff I usually go through all our dependencies via > > $> mvn versions:display-plugin-updates > > and > > $> mvn versions:display-dependency-updates > > manually and do all the updates which make sense. > > That way our project is way less cluttered and we also keep track of the > updates in JIRA. > > wdyt? > > txs and LieGrue, > strub > >
