<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">I’m confused about why it needs write access to code... if I were doing this for scikit-image I would possibly clone the code to a new repo.<br><div dir="ltr"><br>On 29 Aug 2019, at 8:03 am, Matti Picus <<a href="mailto:matti.picus@gmail.com">matti.picus@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<p>In PR 14378 <a class="moz-txt-link-freetext" href="https://github.com/numpy/numpy/pull/14378">https://github.com/numpy/numpy/pull/14378</a> I moved all
our python test dependencies to a test_requirements.txt file (for
building numpy the only requirement is cython). This is worthy
since it unifies the different "pip install" commands across the
different CI systems we use. Additionally, there are services that
monitor the file and will issue a PR if any of those packages have
a new release, so we can test out new versions of dependencies in
a controlled fashion. Someone suggested Dependabot (thanks Ryan),
which turns out to be run by a company bought by github itself.</p>
<p><br>
</p>
<p>When signing up for the service, it asks for permissions:
<a class="moz-txt-link-freetext" href="https://pasteboard.co/IuTeWNz.png">https://pasteboard.co/IuTeWNz.png</a>. The service is in use by other
projects like cpython. Does it seem OK to sign up for this
service?</p>
<p><br>
</p>
<p>Matti<br>
</p>
</div></blockquote><blockquote type="cite"><div dir="ltr"><span>_______________________________________________</span><br><span>NumPy-Discussion mailing list</span><br><span><a href="mailto:NumPy-Discussion@python.org">NumPy-Discussion@python.org</a></span><br><span><a href="https://mail.python.org/mailman/listinfo/numpy-discussion">https://mail.python.org/mailman/listinfo/numpy-discussion</a></span><br></div></blockquote></body></html>