Updating dependencies in patch versions is usually regarded as bad practice. If there was a serious bug or security defect in a dependency, then I would be happier to upgrade it. I don't think we need the noise of Scala Steward raising lots if 1.0 PRs. In fact, it goes against our existing PR policy of backfitting main branch commits when we choose that they are required for 1.0.x. Having Scala Steward PRs that have no link to the main branch PR or commit is the opposite of this.
I am -1 generally and even if we voted to do this, I think we would need to have serious guardrails. Why don't we just concentrate on getting 1.1.0-M1 released instead? It has lots of dependency upgrades. On Wed, 28 Feb 2024 at 10:32, kerr <hepin1...@gmail.com> wrote: > > Motivation: > As we sometimes need to update dependencies on 1.0.x (maintenance) branch, > I suggest we do this with scala-steward, this will reduce some maintenance > burden. > > We can pin some dependencies on specified versions. > > background: https://github.com/apache/incubator-pekko/pull/1159 > > I'm +1 on this. > > 何品 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@pekko.apache.org For additional commands, e-mail: dev-h...@pekko.apache.org
