I would be OK with this so long as it only applies to minor version bumps. Upgrading major versions should still require human eyeballs.
Ralph > On Dec 2, 2022, at 6:17 AM, Gary Gregory <garydgreg...@gmail.com> wrote: > > That's cool! How is that set up? > > Gary > > On Fri, Dec 2, 2022 at 8:11 AM Volkan Yazıcı <vol...@yazi.ci> wrote: >> >> In the context of LOG4J2-3628 (replacing `maven-changes-plugin`), I am >> overhauling the `log4j-tools` project. I have done something, if I may say, >> A-W-E-S-O-M-E, which I would like to repeat for Log4j too at some point: >> https://github.com/apache/logging-log4j-tools/pull/5 >> >> What is exactly happening in this PR? dependabot creates a PR for a >> dependency update, CI executes the tests, tests succeed, CI merges the PR, >> and publishes the built SNAPSHOT artifact. No more manual dependency >> updates!
