GitHub Dependabot support for Haskell packages #205
Comments
|
Articles and tools that may be helpful: |
|
According to GH people they no longer accept 'new' ecosystems as mentioned here and in the mean time they have been working on something that hasn't been crystallized yet |
|
Maybe we should focus on Renovate instead? renovatebot/renovate#8187 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Story
As a haskell developer (who uses GitHub), I want Dependabot to support Haskell, so that
when new versions fix security issues, Dependabot will automatically create PRs that bump
the version bounds.
Further discussion
For some languages, dependabot only works on lock/freeze files.
In Haskell land, some projects have a freeze file committed to the repo, and some do not.
IF it is easier to tackle the freeze file scenario first, that is fine. Do the easy thing and deliver
value for some users, then tackle the harder problem.
The text was updated successfully, but these errors were encountered: