> On Jul 23, 2020, at 10:16 PM, Matt Sicker <boa...@gmail.com> wrote:
>
> Also, how different is a bot proposing a dependency update from a human
> doing the same? The bot includes far more context about the update in the
> PR comment, too, which is super useful for determining whether or not the
> dependency is worth updating. You can even configure it to only notify
> about security updates if it’s too noisy.
>
I don’t understand how substantive forward progress on a project can be
considered noisy. It’s just audit.
-Rob
>> On Thu, Jul 23, 2020 at 20:42 Gary Gregory <garydgreg...@gmail.com> wrote:
>>
>> I suggest you look at the PRs directly instead the emails.
>>
>> Gary
>>
>>> On Thu, Jul 23, 2020, 21:27 Peter Lee <peter...@apache.org> wrote:
>>>
>>> Got plenty of mails this morning(which surprised me a lot). Seems they
>> are
>>> all triggered by github dependency bot.
>>> Have been too busy these days. Will try to look into them this weekend.
>>> On 7. 23 2020, at 5:12 , Gilles Sadowski <gillese...@gmail.com> wrote:
>>>> Hi.
>>>>
>>>> 2020-07-22 18:32 UTC+02:00, Stefan Bodewig <bode...@apache.org>:
>>>>> I hope anybody sees this message.
>>>>
>>>> I've seen it. Although it could have been easily drowned in the flood.
>>> ;-)
>>>>> Can we please discuss this per component? I personally do like the
>> idea
>>>>> of dependabot for applications but feel it is completly wrong for
>>>>> libraries and would prefer to not use it.
>>>>
>>>> At least, it seems that I was not completely off-base in asking what
>>>> was going on.
>>>>
>>>> Thanks,
>>>> Gilles
>>>>
>>>>>
>>>>> Stefan
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>>>> For additional commands, e-mail: dev-h...@commons.apache.org
>>>>
>>>
>>>
>>
> --
> Matt Sicker <boa...@gmail.com>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org