[
https://issues.apache.org/jira/browse/NUTCH-3182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18088561#comment-18088561
]
Sebastian Nagel commented on NUTCH-3182:
----------------------------------------
Note: while major dependency upgrades are worth to be in the release notes and
require a Jira issue, we possibly can merge Dependabot PRs updating the GitHub
workflows without a Jira issue. Or are there objections?
> Add GitHub Dependabot configuration to update GitHub workflows
> --------------------------------------------------------------
>
> Key: NUTCH-3182
> URL: https://issues.apache.org/jira/browse/NUTCH-3182
> Project: Nutch
> Issue Type: Improvement
> Components: build
> Affects Versions: 1.23
> Reporter: Sebastian Nagel
> Assignee: Sebastian Nagel
> Priority: Minor
> Fix For: 1.23
>
>
> GitHub's Dependabot can be configured to [update the GitHub workflow
> actions](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/keeping-your-actions-up-to-date-with-dependabot)
> automatically.
> Although Dependabot does not support Ivy-managed dependencies, we should use
> it to keep the workflow definitions up-to-date.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
