Hello all! You may have noticed some new pull requests from Dependabot
[1], which is a service to create automated pull requests to update
dependencies.
There are several things I like about this service:
* it provides links to changelogs/release notes/included commits which
makes reviewing ea
On 22/04/2020 20:30, Josh Matthews wrote:
* it provides links to changelogs/release notes/included commits which
makes reviewing easier
Does this also work for crates.io dependencies? (As opposed to git dependencies.)
Does it rely on the upstream repository having git tags that happen to match
Based on https://github.com/servo/servo/pull/26255 and
https://github.com/servo/servo/pull/26258 which are both crates.io
dependencies, it does seem like it relies on some metadata that is not
present in every dependency.
On 2020-04-22 2:45 p.m., Simon Sapin wrote:
On 22/04/2020 20:30, Josh M
I think it's quite great to have Dependabot for us to upgrade dependencies
for security purposes.
I'm wondering if it's worth keeping it enabled but sometimes reject its PRs
(e.g. having duplicated packages or the upgrade makes something broken
which will require someone's effort to fix).
I also