ctubbsii commented on PR #2564: URL: https://github.com/apache/thrift/pull/2564#issuecomment-1099578487
> INFRA ticket? I would have squashed them anyway just waited for green CI I don't know what you'd need an INFRA ticket for. You can control dependabot via [.asf.yaml](https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features) or with a [dependabot.yml](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file). However, what I was talking about was this workflow: 1. See dependabot just spammed the project with a bunch of updates 2. Ignore the dependabot PRs 3. Manually run something to update all the NPM/Yarn dependencies all at once, and create a new PR 4. Wait for new PR to get green CI 5. Merge new PR 6. Watch dependabot detect that all its PRs are no longer relevant and close them itself. This workflow doesn't require any change to dependabot's behavior... only the project's response. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
