Also, how different is a bot proposing a dependency update from a human doing the same? The bot includes far more context about the update in the PR comment, too, which is super useful for determining whether or not the dependency is worth updating. You can even configure it to only notify about security updates if it’s too noisy.
On Thu, Jul 23, 2020 at 20:42 Gary Gregory <garydgreg...@gmail.com> wrote:

> I suggest you look at the PRs directly instead of the emails.
>
> Gary
>
> On Thu, Jul 23, 2020, 21:27 Peter Lee <peter...@apache.org> wrote:
>
> > Got plenty of mails this morning (which surprised me a lot). Seems they are
> > all triggered by github dependency bot.
> > Have been too busy these days. Will try to look into them this weekend.
> > On 7. 23 2020, at 5:12 , Gilles Sadowski <gillese...@gmail.com> wrote:
> > > Hi.
> > >
> > > 2020-07-22 18:32 UTC+02:00, Stefan Bodewig <bode...@apache.org>:
> > > > I hope anybody sees this message.
> > >
> > > I've seen it. Although it could have been easily drowned in the flood. ;-)
> > >
> > > > Can we please discuss this per component? I personally do like the idea
> > > > of dependabot for applications but feel it is completely wrong for
> > > > libraries and would prefer to not use it.
> > >
> > > At least, it seems that I was not completely off-base in asking what
> > > was going on.
> > >
> > > Thanks,
> > > Gilles
> > >
> > > >
> > > > Stefan

--
Matt Sicker <boa...@gmail.com>