Would it be possible to configure Dependabot in such a way that it only
offers bugfix updates for the 3.x-branches, but not minor or major updates?
Rationale: if there's a security issue ficed in a bugfix release, we
most likely want to have it, but we don't want to do double work in
migrating
Thanks. I don't have any problem with how to do it :)
My question is more about if we really care of it?
Because it may generate double efforts regarding the number of PRs to validate.
On Mon, 15 Jul 2024 at 20:11, Christoph Läubrich wrote:
>
> You can target different branches with dependabot [1
You can target different branches with dependabot [1], only the
configuration must live in the default branch!
[1]
https://github.com/eclipse-tycho/tycho/blob/befacef0e37216569803878e50b2bc17b000af95/.github/dependabot.yml#L17
Am 15.07.24 um 12:05 schrieb Olivier Lamy:
Hi
As few of the plugi
Hi
As few of the plugins now have switched master branch to 4.x API,
Those that have the 3.x branch will not receive any more dependabot
updates (as dependabot only targets, per default, the default branch).
Do we want to keep up2date 3.x branches as well?
cheers
Olivier
-
