> So the question is how do we proceed? Do I contact INFRA to enable it for
the main repo?
No objections from me, is this something we should vote on though? Perhaps
we already have lazy consensus :)
> more concretely how do we deal with these PRs in a practical sense? Do we
rename them and creat
My excuses Brian I had not seen your question:
> - Will dependabot work ok with the version ranges that we specify? For
example some Python dependencies have upper bounds for the next major
version, some for the next minor version. Is dependabot smart enough to try
bumping the appropriate version
Yeah I can see the advantage in tooling like this for easy upgrades. I
suspect many of the outdated Python dependencies fall under this category,
but the toil of creating a PR and verifying it passes tests is enough of a
barrier that we just haven't done it. Having a bot create the PR and
trigger C
Oh forgot to mention one alternative that we do in the Avro project,
it is that we don't create issues for the dependabot PRs and then we
search all the commits authored by dependabot and include them in the
release notes to track dependency upgrades.
On Fri, Apr 16, 2021 at 4:02 PM Ismaël Mejía
> Quite often, dependency upgrade to latest versions leads to either
> compilation errors or failed tests and it should be resolved manually or
> declined. Having this, maybe I miss something, but I don’t see what kind of
> advantages automatic upgrade will bring to us except that we don’t need
Quite often, dependency upgrade to latest versions leads to either compilation
errors or failed tests and it should be resolved manually or declined. Having
this, maybe I miss something, but I don’t see what kind of advantages automatic
upgrade will bring to us except that we don’t need to creat
Hello,
Github has a bot that creates automatically Dependency Update PRs and
report security issues called dependabot.
I was wondering if we should enable it for Beam. I tested it in my
personal Beam fork and it seems to be working well, it created
dependency updates for both Python and JS (websi