zyclonite
commented
2 years ago dependabot is enabled in the settings of this repository, currently there is no custom override needed
Closed yeikel closed 2 years ago
zyclonite
commented
2 years ago dependabot is enabled in the settings of this repository, currently there is no custom override needed
yeikel
commented
2 years ago What are the options that you have configured in the repo? The alerts? Or the actual pull requests?
Note that Dependabot security alerts are different than this change
As far as I can see, I do not see any automated PR in this repo from Dependabot (the original goal of this pull request) and I see that you're doing all the dependency bumps manually
zyclonite
commented
2 years ago see this one: https://github.com/vert-x3/vertx-ignite/pull/115
for the underlying cluster framework upgrades there is anyway a lot of manual activities needed, so it does not really add a lot of value
yeikel
commented
2 years ago see this one: #115
for the underlying cluster framework upgrades there is anyway a lot of manual activities needed, so it does not really add a lot of value
Thank you for clarifying.
What schedule do you currently have?
I understand that major upgrades usually need manual intervention (receiving pull requests with draft upgrades is still valuable IMHO), but for other minor upgrades like logback I think that it can add some value
zyclonite
commented
2 years ago there is not really many dependencies... logback is only for testing and the majority for the stack gets handled by the vertx-dependencies project
See https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/