tinkerpop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Hockmann ...@florian-hockmann.de>
Subject Using a bot to keep dependencies up to date
Date Wed, 03 Apr 2019 16:43:11 GMT
Hi,

we have a lot of dependencies in TinkerPop in different projects and
even across different languages. That makes it hard to keep them updated
which sometimes has security implications.

I recently noticed that other open source projects use a bot that
regularly checks whether any updates are available for their
dependencies and then creates one PR per dependency. Just to try it out
with TinkerPop, I activated such a bot on my fork:

https://github.com/florianhockmann/tinkerpop/pulls

and the overall result looks quite good in my opinion. It created a lot
of PRs* and most could probably be directly merged. The bot can also be
easily configured just by adding comments to its PR, for example to
ignore a certain (major/minor/patch) version of a dependency:

https://github.com/FlorianHockmann/tinkerpop/pull/24#issuecomment-473936360

What do you think about adding such a bot for our repo?


* This is limited to only 5 PRs per day at first to not overwhelm a
project with PRs.



Mime
View raw message