Did you see dependabot?


Did you see dependabot?

Enrico Olivelli
Hey guys,
Did you see dependabot on our repos?

Like this automatic PR
https://github.com/apache/maven-plugins/pull/147#pullrequestreview-303889692

I feel this is very useful, but... has anyone enabled it?

Do we have to set a policy? These suggestions are security-related fixes, we
could give them some kind of high priority?

Enrico

Re: Did you see dependabot?

Paul Hammant
Pretty sure that small changes that could not be done any other way are not
subject to copyright claims.

s/1.199/1.200/g

^ Being an example.

On Sat, Oct 19, 2019 at 7:51 PM Enrico Olivelli <[hidden email]> wrote:

> I see value in it.
> But from a legal point of view... there is no human who sends the PR, so in
> theory we cannot accept such patches, can we?
>
> Enrico
>
> On Sat, Oct 19, 2019, 20:26 Tibor Digana <[hidden email]> wrote:
>
> > The dependabot looks interesting, cli has more possibilities than a pure
> > button on GUI.
> > >> has anyone enabled it
> > I am all ears as to how it can be enabled.
> >
> > On Fri, Oct 18, 2019 at 3:32 PM Enrico Olivelli <[hidden email]>
> > wrote:
> >
> > > Hey guys,
> > > Did you see dependabot on our repos?
> > >
> > > Like this automatic PR
> > >
> > > https://github.com/apache/maven-plugins/pull/147#pullrequestreview-303889692
> > >
> > > I feel this is very useful, but... has anyone enabled it?
> > >
> > > Do we have to set a policy? These suggestions are security-related fixes, we
> > > could give them some kind of high priority?
> > >
> > > Enrico
> > >
> >
>

Re: Did you see dependabot?

Paul Hammant
In reply to this post by Enrico Olivelli
Summary?