Message-ID: From: "sehrope (@sehrope)" To: "pgjdbc/pgjdbc" Date: Tue, 26 May 2026 14:45:56 +0000 Subject: Re: [pgjdbc/pgjdbc] issue #4099: Configuration suggestion: automerge for `actions/*`, `github/*`, `org.ow2.asm`, In-Reply-To: References: List-Id: X-GitHub-Author-Login: sehrope X-GitHub-Comment-Id: 4545210926 X-GitHub-Comment-Type: issue_comment X-GitHub-Issue: 4099 X-GitHub-Repo: pgjdbc/pgjdbc X-GitHub-Type: comment X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/issues/4099#issuecomment-4545210926 Content-Type: text/plain; charset=utf-8 I don't want anything automatically being merged. There should always be a manual review step. It's fine to group think together to minimize PR spam and consolidate the updates, but there should always be an actual review in the path. If the number of updates is too many to keep up with, maybe we simplify the repo itself. For example in the past 24-hours you have 20+ PRs to update various gradle plugins. And I have no clue what changed in any of them. A lot of these we don't even need to update. Staying up to date with things is helpful when finally migrating to a new version. But there's no reason we need to be on the bleeding edge for any of these. It's just busy work to keep updating them. If they were working fine and there's no inherent security issue, what did we even gain from updating them so frequently?