tinkerpop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kuppitz ...@gremlin.guru>
Subject Re: Using a bot to keep dependencies up to date
Date Wed, 03 Apr 2019 17:29:08 GMT
Pretty cool, I like that (if only Travis would be a little more reliable).


On Wed, Apr 3, 2019 at 9:43 AM Florian Hockmann <fh@florian-hockmann.de>

> Hi,
> we have a lot of dependencies in TinkerPop in different projects and
> even across different languages. That makes it hard to keep them updated
> which sometimes has security implications.
> I recently noticed that other open source projects use a bot that
> regularly checks whether any updates are available for their
> dependencies and then creates one PR per dependency. Just to try it out
> with TinkerPop, I activated such a bot on my fork:
> https://github.com/florianhockmann/tinkerpop/pulls
> and the overall result looks quite good in my opinion. It created a lot
> of PRs* and most could probably be directly merged. The bot can also be
> easily configured just by adding comments to its PR, for example to
> ignore a certain (major/minor/patch) version of a dependency:
> https://github.com/FlorianHockmann/tinkerpop/pull/24#issuecomment-473936360
> What do you think about adding such a bot for our repo?
> * This is limited to only 5 PRs per day at first to not overwhelm a
> project with PRs.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message