security-advisories

GitHub Dependabot support for Haskell packages

Open frasertweedale opened this issue 8 months ago • 3 comments

Story

As a Haskell developer (who uses GitHub), I want Dependabot to support Haskell, so that when new versions fix security issues, Dependabot will automatically create PRs that bump the version bounds.

Further discussion

For some languages, Dependabot only works on lock/freeze files.

In Haskell land, some projects have a freeze file committed to the repo, and some do not.

If it is easier to tackle the freeze file scenario first, that is fine. Do the easy thing and deliver value for some users, then tackle the harder problem.

frasertweedale, Jun 08 '24 13:06