rmuir opened a new issue, #14490:
URL: https://github.com/apache/lucene/issues/14490

   ### Description
   
   I added dependabot.yml in https://github.com/apache/lucene/pull/14462
   
   Currently it sends us pull requests for:
   - github actions
   - pip dependencies in `dev-tools/`
   
   But nothing yet for java dependencies. I think it might be enough to rename 
`versions.toml` to `libs.versions.toml` to get (build-failing) pull requests? 
From the docs I have read, the filename is not configurable.
   
   If the filename is not so important, it would be nice to rename it, just so 
that github "understands" our dependency tree and allows for features around 
that (such as security ones).
   
   In order to make PRs nice, where they stand a chance to pass, it would be 
more work. Seems the recommended way is to integrate with actions in order to 
run the "post upgrade commands" and issue a commit with them.
   
   Alternatively we could do renovatebot, but we don't have many dependencies 
and our needs are simple, so it would be cool if we could have dependabot fully 
working for us.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to