Knowledge Tree
Home Research Docs About
concept

pull request

Also known as: pull request, pull requests

Facts (21)

Sources
A Mixed-Methods Study of Open-Source Software Maintainers On ... arxiv.org arXiv Feb 3, 2025 7 facts
quoteOne interview participant stated: “Go ahead and merge the PR. I don’t even really test it.” (P5).
referenceXunhui Zhang, Yue Yu, Georgios Gousios, and Ayushi Rastogi authored the study 'Pull request decisions explained: An empirical overview,' published in IEEE Transactions on Software Engineering in 2022.
accountOne OSS maintainer uses the same public pull request process for security issues as they do for any other project issue.
referenceMairieli Wessel, Ahmad Abdellatif, Igor Wiese, Tayana Conte, Emad Shihab, Marco A. Gerosa, and Igor Steinmacher studied the use of bots for pull requests in their 2022 paper 'Bots for pull requests: The good, the bad, and the promising', published in the Proceedings of the 44th International Conference on Software Engineering.
quote“The first one that I use quite often is Renovate, that is a tool in Github easily available where you can configure: I want this and this upgraded like that, and you can have all kinds of settings and then it automatically gives you a pull request […] with a dependency update and automatically, the test pipeline fires.”
referenceDenae Ford, Mahnaz Behroozi, Alexander Serebrenik, and Chris Parnin authored 'Beyond the code itself: How programmers really look at pull requests', published in the 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS), pages 51–60.
perspectiveThe perspective of Participant P5, who is willing to merge automated pull requests without testing, reflects a desire for streamlined processes in open-source software maintenance, highlighting the tension between automation convenience and the need for rigorous testing.
Open source software best practices and supply chain risk ... - GOV.UK gov.uk Department for Science, Innovation and Technology Mar 3, 2025 4 facts
claimInterviewee 6's organization uses automated dependency update tooling and conducts security checks during pull requests, though their security approach is primarily reactive, addressing issues as they arise.
accountInterviewee 1, Interviewee 2, Interviewee 3, Interviewee 4, Interviewee 6, and Interviewee 8 utilize a tool integrated with their version control system that automatically updates dependencies in a repository and creates a pull request for the update.
accountInterviewee 1 and Interviewee 2 maintain no formal Open Source Software management approach beyond the pull requests generated by their automated tooling.
procedureThe lead developer at an educational platform (Interviewee 1) described a formal process for adopting open source software: if a dependency is deemed 'business critical', the team creates a business case for review by InfoSec, the principal engineer, and potentially the CTO; if not deemed 'business critical', the team adopts the dependency after a peer review during a pull request.
bureado/awesome-software-supply-chain-security - GitHub github.com GitHub 3 facts
referenceThe 'edgebit-build' GitHub action by edgebitio allows users to upload SBOMs to EdgeBit to receive vulnerability context in pull requests.
claimThe apiiro/PRevent GitHub app scans pull requests for malicious code patterns, specifically identifying dynamic code execution and obfuscation.
referencePhylum Analyze PR Action is a GitHub Action designed to analyze Pull Requests for open-source supply chain issues.
Projects that make their rules explicit would see more participation opensource.com Opensource.com Apr 3, 2018 2 facts
claimThe React project maintains a document that describes how pull requests are handled, including specific details on how they are reviewed and prioritized.
procedureThe author analyzed the 25 most-starred open source projects on GitHub by examining basic activity metrics (commits, watchers), collaboration metrics (issues, pull requests), documentation (contributing.md, code_of_conduct.md, license.md), and the use of descriptive labels.
What Is Open Governance? Drafting a charter for an Open Source ... opensource.org Open Source Initiative May 9, 2023 1 fact
procedureA Data Contributor in the ClearlyDefined project identifies bugs or improvements, forks the repository, and submits a pull request with changes, which they must substantiate with background information and proof of correctness.
Governance in Practice: How Open Source Projects Define ... - arXiv arxiv.org arXiv 5 days ago 1 fact
claimThe marimo-team/marimo GitHub project defines maintainers as the "ultimate authority" over project direction, with daily responsibilities that include triaging issues, reviewing pull requests, and maintaining CI pipelines.
Community Governance Considerations of Open Source Projects nerdstein.net Nerdstein Jun 5, 2017 1 fact
claimIssue participation in open source projects involves community members organizing bugs, plans, and documentation needs within issue tracking systems, allowing for collaboration and testing of patches and pull requests before finalization.
Open Source Software: What is OSS? - Sonatype sonatype.com Sonatype 1 fact
procedureIn the open source development model, contributors submit changes via pull requests, which are then reviewed and accepted or rejected by the project maintainers.
Best practices for version control to enhance development workflows harness.io Harness Mar 17, 2025 1 fact
procedureThe version control merging process involves four key practices: using Pull Requests or Merge Requests to formalize code reviews with clear descriptions and issue references; triggering automated builds and tests for every branch; choosing between linear commit history (fast-forward merges) or consolidated commits (squash merges) consistently; and addressing merge conflicts immediately to prevent complexity caused by long-running branches.