mdedetrich commented on PR #55: URL: https://github.com/apache/incubator-pekko-projection/pull/55#issuecomment-1580285507
> dependabot_updates is going to create a lot of PRs.

Not for Scala because the dependabot integration with Scala is manual. GitHub's dependabot doesn't natively support Scala so it doesn't make PRs against it, we have to use scala-steward for that.

> dependabot_alerts creates PRs if we have dependencies that have CVEs
> dependabot_updates creates PRs if there are minor releases for dependencies

So I misunderstood what these fields in `.asf.yml` meant. I was trying to solve the issue mentioned at https://github.com/apache/incubator-pekko/pull/366#issuecomment-1573358506 so I was thinking that `dependabot_updates`/`dependabot_alerts` meant opening up permissions so that other people can see the alerts, but it turns out that's not the case.

I can revert adding these fields since in our case it doesn't actually do anything, the intent for adding dependabot is to just get alerts for CVEs (i.e. it's replacing https://github.com/apache/incubator-pekko/pull/289)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
