jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Gaul <g...@apache.org>
Subject Re: enable dependabot on jclouds github repo(s)?
Date Thu, 18 Mar 2021 11:14:16 GMT
On Thu, Mar 18, 2021 at 11:38:02AM +0100, Fritz Elfert wrote:
> Jean-Noël mentioning security scanners in our recent discussion make me think:
> 
> It would be nice to have depedabot enabled in the github repo settings (Security &
analysis).
> If both alerts and security updates are enabled, it automatically creates pull requests
for the relevant changes.

This is something we could experiment with although there are more
considerations for upgrading dependencies than simply getting the latest
version, as the recent thread about Guava and Guice demonstrates.  My
experience with these automatic tools is that they work better for
applications than frameworks.  We would also want to align with other
Apache projects -- do we have some similar infrastructure already?

-- 
Andrew Gaul
http://gaul.org/

Mime
View raw message