[Numpy-discussion] Allowing Dependabot access to the numpy repo
Ryan May
rmay31 at gmail.com
Thu Aug 29 04:44:49 EDT 2019
Hi,
The answer to why Dependabot needs write permission seems to be to be able
to work with private repos:
https://github.com/dependabot/feedback/issues/22
There doesn't seem to be any way around it... :(
Ryan
On Thu, Aug 29, 2019 at 12:04 AM Matti Picus <matti.picus at gmail.com> wrote:
> In PR 14378 https://github.com/numpy/numpy/pull/14378 I moved all our
> python test dependencies to a test_requirements.txt file (for building
> numpy the only requirement is cython). This is worthy since it unifies the
> different "pip install" commands across the different CI systems we use.
> Additionally, there are services that monitor the file and will issue a PR
> if any of those packages have a new release, so we can test out new
> versions of dependencies in a controlled fashion. Someone suggested
> Dependabot (thanks Ryan), which turns out to be run by a company bought by
> github itself.
>
>
> When signing up for the service, it asks for permissions:
> https://pasteboard.co/IuTeWNz.png. The service is in use by other
> projects like cpython. Does it seem OK to sign up for this service?
>
>
> Matti
> _______________________________________________
> NumPy-Discussion mailing list
> NumPy-Discussion at python.org
> https://mail.python.org/mailman/listinfo/numpy-discussion
>
--
Ryan May
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/numpy-discussion/attachments/20190829/456c8319/attachment.html>
More information about the NumPy-Discussion
mailing list