Hey everyone,
Recently I’ve been frustrated by the volume of new dependabot PR’s in the repo
as it is obstructing user submitted PR’s and has become a maintenance burden.
The biggest offenders here are the gremlint and gremlin-javascript dependencies
such as @types/node, eslint,
It looks like Apache Infra has flipped on dependabot for all projects. It's
not configured right for our purposes. I assume that our local
configuration will sorta override their global one, so I sense that since
we've flipped it on ourselves for everything we probably should switch it
on for
Florian Hockmann has been running dependabot on .NET for a while now and
given that we are shooting for shorter maintenance lines where we can take
breaking dependency changes more readily, I think it's worth trying to
expand dependabot usage. I'd like to start with Python and see how that
goes.
t stays activated.
> >
> > -Ursprüngliche Nachricht-
> > Von: Stephen Mallette
> > Gesendet: Donnerstag, 7. November 2019 14:08
> > An: dev@tinkerpop.apache.org
> > Betreff: Re: [DISCUSS] dependabot
> >
> > I'd be content with alerts on the
hy it was activated and
> whether it stays activated.
>
> -Ursprüngliche Nachricht-
> Von: Stephen Mallette
> Gesendet: Donnerstag, 7. November 2019 14:08
> An: dev@tinkerpop.apache.org
> Betreff: Re: [DISCUSS] dependabot
>
> I'd be content with alerts on the secur
and whether
it stays activated.
-Ursprüngliche Nachricht-
Von: Stephen Mallette
Gesendet: Donnerstag, 7. November 2019 14:08
An: dev@tinkerpop.apache.org
Betreff: Re: [DISCUSS] dependabot
I'd be content with alerts on the security tab that we can evaluate and then
act upon accordingly
I'd be content with alerts on the security tab that we can evaluate and
then act upon accordingly.
On Thu, Nov 7, 2019 at 8:02 AM Robert Dale wrote:
> Ideally, if they can just configured it to not create PRs and instead
> create only the alert, that would be great. And of course give us
Ideally, if they can just configured it to not create PRs and instead
create only the alert, that would be great. And of course give us access
to the Alert tab under the Security tab.
Robert Dale
On Thu, Nov 7, 2019 at 7:53 AM Stephen Mallette
wrote:
> I guess Apache Infra has decided to