Hi. Le sam. 11 sept. 2021 à 18:49, John Patrick <nhoj.patr...@gmail.com> a écrit : > > So dependabot, most commons project already have it, so was helping out > adding it the the rest. > But the main reason was pro-active DevSecOps. So automatically testing the > current main branch against the latest releases of dependencies. Save > developer and contributors manually watching out for new dependencies being > release, saves having to manually create a commit and manually raise a pr. > Basically wanting to save those with write privileges time and you can pick > what and when you merge and know all all potential dependencies are being > tested.
My question was about the added value (of "dependabot") for the components mentioned (in my previous reply), as their dependencies are either to other Commons components or to plugins that would either be upgraded through the "parent" POM or if there is an identified issue. Regards, Gilles > [...] > > > John > > > On Wed, 8 Sept 2021 at 23:47, Gilles Sadowski <gillese...@gmail.com> wrote: > > > Hello. > > > > Le mer. 8 sept. 2021 à 21:10, John Patrick <nhoj.patr...@gmail.com> a > > écrit : > > > > > > Hi, > > > > > > Could someone look at this pr's, some coming up to a year open. > > > > Thanks for the reminder; however ... > > > > > > > > Dependabot, adding the commons standard. > > > [...] > > > https://github.com/apache/commons-math/pull/160 > > > https://github.com/apache/commons-numbers/pull/86 > > > [...] > > > https://github.com/apache/commons-rng/pull/79 > > > https://github.com/apache/commons-statistics/pull/25 > > > [...] > > > > > > > What is the added value for projects' maintainers? > > [IIUC, this script advertises a new version that, most often than not, > > provides a solution to a problem that does not exist (for the target > > project)...] > > > > IOW, you (for example) are welcome to watch those update > > messages and, when a real problem would be solved through an > > upgrade, a specific PR will be most welcome. > > > > Best regards, > > Gilles --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
