You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Konrad Windszus (Jira)" <ji...@apache.org> on 2021/07/13 16:05:00 UTC

[jira] [Commented] (OAK-9490) Enable Dependabot

    [ https://issues.apache.org/jira/browse/OAK-9490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17380008#comment-17380008 ] 

Konrad Windszus commented on OAK-9490:
--------------------------------------

Usually dependabot is not that useful for OSGi bundles, as the Maven dependencies only specify the minimum required version of another bundle dependency which is not necessarily the version which is used at run time.

> Enable Dependabot
> -----------------
>
>                 Key: OAK-9490
>                 URL: https://issues.apache.org/jira/browse/OAK-9490
>             Project: Jackrabbit Oak
>          Issue Type: Task
>          Components: parent
>            Reporter: Marcel Reutegger
>            Priority: Minor
>
> GitHub's Dependabot automatically creates pull requests for available dependency updates.
> https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates
> Note, currently https://ci-builds.apache.org/job/Jackrabbit/job/oak-trunk-pr/ does not build pull requests from forks. This is how Dependabot will propose dependency updates.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)