tinkerpop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kuppitz ...@gremlin.guru>
Subject Re: Using a bot to keep dependencies up to date
Date Wed, 03 Apr 2019 17:29:08 GMT
Pretty cool, I like that (if only Travis would be a little more reliable).

Cheers,
Daniel


On Wed, Apr 3, 2019 at 9:43 AM Florian Hockmann <fh@florian-hockmann.de>
wrote:

> Hi,
>
> we have a lot of dependencies in TinkerPop in different projects and
> even across different languages. That makes it hard to keep them updated
> which sometimes has security implications.
>
> I recently noticed that other open source projects use a bot that
> regularly checks whether any updates are available for their
> dependencies and then creates one PR per dependency. Just to try it out
> with TinkerPop, I activated such a bot on my fork:
>
> https://github.com/florianhockmann/tinkerpop/pulls
>
> and the overall result looks quite good in my opinion. It created a lot
> of PRs* and most could probably be directly merged. The bot can also be
> easily configured just by adding comments to its PR, for example to
> ignore a certain (major/minor/patch) version of a dependency:
>
> https://github.com/FlorianHockmann/tinkerpop/pull/24#issuecomment-473936360
>
> What do you think about adding such a bot for our repo?
>
>
> * This is limited to only 5 PRs per day at first to not overwhelm a
> project with PRs.
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message