[DISCUSS] Add dependabot to update dependencies


Jan Jansen <faro...@...>
 

Hi

I would like to start a discussion to add dependabot as a tool to update our dependencies automatically.

This would also allow us to concentrate more on features and bugs without forgetting to update deps.

I added dependabot on my fork of JanusGraph without any config changes.

Any thoughts on this topic?

Greetings,
Jan


Florian Hockmann <f...@...>
 

+1 for dependabot. We frequently get notified about outdated dependencies that have security vulnerabilities. Hopefully, dependabot will also provide updates for most of those.

On Wednesday, 11 September 2019 14:29:19 UTC+2, Jan Jansen wrote:


Oleksandr Porunov <alexand...@...>
 

+1 for dependabot.


On Thursday, September 12, 2019 at 10:54:01 AM UTC+3, Florian Hockmann wrote:


Florian Hockmann <f...@...>
 

It has been over a week now since Jan started this discussion and there were no objections. So I'm going to activate dependabot this week (not sure yet when exactly, but I will post an update here once it's activated).

On Friday, 13 September 2019 08:01:42 UTC+2, Oleksandr Porunov wrote:


Florian Hockmann <f...@...>
 

Just a quick update: It takes a bit longer to activate dependabot as we need a solution for the CLA check. I'm currently working together with Jacob Palmer from the Linux Foundation on this which is why we now have first pull requests from Dependabot in the janusgraph-dotnet repo (where the CLA check is unfortunately still failing right now). You can follow the progress in this issue if you're interested.
Once it's working in janusgraph-dotnet, we can activate the bot also for our main repo.

On Monday, 23 September 2019 14:23:39 UTC+2, Florian Hockmann wrote:


Florian Hockmann <f...@...>
 

We got the CLA check to pass (thanks to Jacob Palmer for his support again) and I enabled dependabot also for our main repo where we now also have the first PRs created by dependabot.

Note that we of course have to review them just like any other PR. For some dependency updates it might be trivial to merge them, but for others we might have to configure dependabot to only update within the current major/minor version or the update might not work at all / require manual work. As I said earlier, I think that these PRs still provide value even if we can't merge them as they at least notify us about an outdated dependency and a failed Travis build might already include useful information to get started on a more complicated dependency update.

The configuration of dependabot is quite straightforward as it's working through PR comments (like this one).

On Tuesday, 8 October 2019 13:26:00 UTC+2, Florian Hockmann wrote:
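The message above mentions restricting dependabot to updates within the current major/minor version. At the time of the thread this was done through PR comments; the following is an added example (not from the thread or the JanusGraph project) of the same policy expressed in the later file-based `.github/dependabot.yml` configuration. It assumes a Maven build at the repository root and a weekly schedule; both are assumptions for illustration.

```yaml
# .github/dependabot.yml (added example, not JanusGraph's actual configuration)
version: 2
updates:
  - package-ecosystem: "maven"   # assumption: Maven build at the repo root
    directory: "/"
    schedule:
      interval: "weekly"          # assumption: weekly cadence
    # Keep the number of simultaneously open bot PRs reviewable.
    open-pull-requests-limit: 5
    ignore:
      # Skip major-version bumps for every dependency; they tend to need
      # manual work and are better handled as deliberate PRs.
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
```

Security advisories are not affected by the `ignore` rule in the sense that a vulnerable dependency still shows up in alerts, so reviewers should still look at alerts for dependencies whose automated PRs were suppressed; each bot PR is reviewed like any other, as the message notes.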