foojay-toolchains

Add dependabot

Open StefMa opened this issue 1 year ago • 4 comments

This goes a bit further than #52 and adds dependabot to make sure we are always using the latest versions of dependencies 🙃.

I copied the config from here and removed the dummy auth (because this is not required).

StefMa avatar Dec 03 '23 18:12 StefMa

@ov7a could you maybe have a look? 🙃

StefMa avatar Jan 24 '24 07:01 StefMa

@StefMa I'm not sure about this. While having updates is good, I don't feel that the test coverage is strong enough to blindly merge them. And reviewing/testing/managing dependabot PRs usually is annoying.

ov7a avatar Jan 24 '24 07:01 ov7a

What types of/more tests would be required to feel safe for the current dependencies (gson)? 🤔

I could also write a few for that.

Besides that... Gson doesn't get too many updates anymore. The last update happened a year ago, the one before that 2 years ago 😁

But never mind, I could also close this PR if you're not interested in it 👍

StefMa avatar Jan 24 '24 09:01 StefMa

@StefMa It's not like I'm against it, I just don't feel it's worth it. Let's hear other opinions.

ov7a avatar Jan 24 '24 10:01 ov7a