subject:"\[GitHub\] \[camel\-quarkus\] aldettinger commented on pull request #4433\: Fix #4128 add a dependabot to upgrade quarkiverse versions"

[GitHub] [camel-quarkus] aldettinger commented on pull request #4433: Fix #4128 add a dependabot to upgrade quarkiverse versions

2023-01-20 Thread GitBox

aldettinger commented on PR #4433: URL: https://github.com/apache/camel-quarkus/pull/4433#issuecomment-1398419074 Indeed, well spotted, not all updates are to be consumed. Also, I'm thinking the dependabot approach would encourage to increase each quarkiverse.* version independently.

[GitHub] [camel-quarkus] aldettinger commented on pull request #4433: Fix #4128 add a dependabot to upgrade quarkiverse versions

2023-01-20 Thread GitBox

aldettinger commented on PR #4433: URL: https://github.com/apache/camel-quarkus/pull/4433#issuecomment-1398171473 So, when we want to skip a version. Then we just modify the yaml file ? That would be a nice way to document what quarkiverse updates are dangling. -- This is an automated m

[GitHub] [camel-quarkus] aldettinger commented on pull request #4433: Fix #4128 add a dependabot to upgrade quarkiverse versions

2023-01-20 Thread GitBox

aldettinger commented on PR #4433: URL: https://github.com/apache/camel-quarkus/pull/4433#issuecomment-1398082960 Good time to experiment with new tools right after a release. Thus few questions. Will dependabot upgrade versions only linked to CVEs ? Or upgrade to any new release q