frasertweedale
commented
5 months ago Articles and tools that may be helpful:
Open frasertweedale opened 5 months ago
frasertweedale
commented
5 months ago Articles and tools that may be helpful:
unorsk
commented
5 months ago According to GH people they no longer accept 'new' ecosystems as mentioned here and in the mean time they have been working on something that hasn't been crystallized yet
frasertweedale
commented
5 months ago Maybe we should focus on Renovate instead? https://github.com/renovatebot/renovate/issues/8187
Story
As a haskell developer (who uses GitHub), I want Dependabot to support Haskell, so that when new versions fix security issues, Dependabot will automatically create PRs that bump the version bounds.
Further discussion
For some languages, dependabot only works on lock/freeze files.
In Haskell land, some projects have a freeze file committed to the repo, and some do not.
IF it is easier to tackle the freeze file scenario first, that is fine. Do the easy thing and deliver value for some users, then tackle the harder problem.