Hi, The answer to why Dependabot needs write permission seems to be to be able to work with private repos:
https://github.com/dependabot/feedback/issues/22 There doesn't seem to be any way around it... :( Ryan On Thu, Aug 29, 2019 at 12:04 AM Matti Picus <matti.pi...@gmail.com> wrote: > In PR 14378 https://github.com/numpy/numpy/pull/14378 I moved all our > python test dependencies to a test_requirements.txt file (for building > numpy the only requirement is cython). This is worthy since it unifies the > different "pip install" commands across the different CI systems we use. > Additionally, there are services that monitor the file and will issue a PR > if any of those packages have a new release, so we can test out new > versions of dependencies in a controlled fashion. Someone suggested > Dependabot (thanks Ryan), which turns out to be run by a company bought by > github itself. > > > When signing up for the service, it asks for permissions: > https://pasteboard.co/IuTeWNz.png. The service is in use by other > projects like cpython. Does it seem OK to sign up for this service? > > > Matti > _______________________________________________ > NumPy-Discussion mailing list > NumPy-Discussion@python.org > https://mail.python.org/mailman/listinfo/numpy-discussion > -- Ryan May
_______________________________________________ NumPy-Discussion mailing list NumPy-Discussion@python.org https://mail.python.org/mailman/listinfo/numpy-discussion
