Closed DimitriPapadopoulos closed 1 year ago
However, I'd like to understand why it doesn't work in some cases
I have experienced the same thing. It seems to be significantly delayed in some cases. For example, we enabled the action updates 2022-05-02 in a repository:
https://github.com/arduino/serial-monitor/commit/4f1f74bb4928123fb83b86e86c81c093162eef40
And only finally received the PR for the actions/checkout@v2
-> actions/checkout@v3
update that had been available the whole time 2022-09-07:
https://github.com/arduino/serial-monitor/pull/24
(we did not have any outstanding Dependabot PRs so it was not a matter of hitting the updates[*].open-pull-requests-limit
value for that package-ecosystem
)
I guess better late than never (which likely would be the case if we managed the versions manually). Even if it is a bit glitched, the pull requests I do receive from Dependabot are valuable so I think it is worth adding regardless.
Yes, we can add a dependabot. However, I'd like to understand why it doesn't work in some cases, see for example https://github.com/bids-standard/bids-specification/pull/1303.