rmuir opened a new issue, #14490: URL: https://github.com/apache/lucene/issues/14490
### Description I added dependabot.yml in https://github.com/apache/lucene/pull/14462 Currently it sends us pull requests for: - github actions - pip dependencies in `dev-tools/` But nothing yet for java dependencies. I think it might be enough to rename `versions.toml` to `libs.versions.toml` to get (build-failing) pull requests? From the docs I have read, the filename is not configurable. If the filename is not so important, it would be nice to rename it, just so that github "understands" our dependency tree and allows for features around that (such as security ones). In order to make PRs nice, where they stand a chance to pass, it would be more work. Seems the recommended way is to integrate with actions in order to run the "post upgrade commands" and issue a commit with them. Alternatively we could do renovatebot, but we don't have many dependencies and our needs are simple, so it would be cool if we could have dependabot fully working for us. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org