Hi, we have a lot of dependencies in TinkerPop in different projects and even across different languages. That makes it hard to keep them updated, which sometimes has security implications.
I recently noticed that other open source projects use a bot that regularly checks whether any updates are available for their dependencies and then creates one PR per dependency. Just to try it out with TinkerPop, I activated such a bot on my fork: https://github.com/florianhockmann/tinkerpop/pulls and the overall result looks quite good in my opinion. It created a lot of PRs* and most could probably be directly merged. The bot can also be easily configured just by adding comments to its PR, for example to ignore a certain (major/minor/patch) version of a dependency: https://github.com/FlorianHockmann/tinkerpop/pull/24#issuecomment-473936360

What do you think about adding such a bot for our repo?

* This is limited to only 5 PRs per day at first to not overwhelm a project with PRs.
