Our git repo (like all Apache repos) is mirrored at github. Recently dependabot
was enabled for all Apache repos and now we've got 2 pull requests:
https://github.com/apache/allura/pulls These are both for npm packages, and our
npm usage is pretty little so I don't think we need it.
We can disable them via
https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates
It would disable python package pull requests, but I think its worth it. I
don't want npm noise :) And we can have "alerts" ON but "pull requests" OFF.
Any additional thoughts?
--
Dave Brondsema : d...@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
<><
