Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: updating dependabot file to support gha, TS, JS, gradle, Go lang, cargo and docker packages #271

Merged
merged 2 commits into from
May 13, 2024
Merged

chore: updating dependabot file to support gha, TS, JS, gradle, Go lang, cargo and docker packages #271

merged 2 commits into from
May 13, 2024

Conversation

rajpalc7
Copy link
Contributor

No description provided.

@rajpalc7
chore: updating dependabot file to support gha, TS, JS, gradle, Go la…
25287ad 
…ng, cargo and docker packages

Signed-off-by: Rajpal Chauhan <[email protected]>
WadeBarnes
WadeBarnes approved these changes May 10, 2024
View reviewed changes
Copy link
Member

@WadeBarnes WadeBarnes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, but I'd like feedback from other maintainers.

berendsliedrecht
berendsliedrecht approved these changes May 11, 2024
View reviewed changes
Copy link
Contributor

@berendsliedrecht berendsliedrecht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@swcurran swcurran merged commit c98169e into hyperledger:main May 13, 2024
4 checks passed
@TimoGlastra
Copy link
Member

Do you think we can maybe batch the updates per language/tools, there's a lot of PRs open now, and it's quite tedious to have to merge them one by one

image

@WadeBarnes
Copy link
Member

WadeBarnes commented May 14, 2024
edited
Loading

@TimoGlastra, We could look into grouping the dependency updates, but I've also heard complaints from developers that that causes other issues.

One option is to use the dependabot updates as a guide and create a separate PR that updates all of the dependancies that can be updated without issue. Merging that PR will trigger dependabot to reevaluate and close any PRs that are no longer relevant.

Dependabot is a topic for the ACA-PUG meeting today.

@TimoGlastra
Copy link
Member

Yeah the thing I don't like about dependabot is that a lot of these dependencies are dev dependencies (for javascript especially), and that you're spending a lot of time on updates that don't really improve things.

@WadeBarnes
Copy link
Member

Yeah the thing I don't like about dependabot is that a lot of these dependencies are dev dependencies (for javascript especially), and that you're spending a lot of time on updates that don't really improve things.

It looks like that could be controlled; https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow

@WadeBarnes WadeBarnes mentioned this pull request May 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@berendsliedrecht berendsliedrecht berendsliedrecht approved these changes

@WadeBarnes WadeBarnes WadeBarnes approved these changes

@andrewwhitehead andrewwhitehead Awaiting requested review from andrewwhitehead

@TimoGlastra TimoGlastra Awaiting requested review from TimoGlastra

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@rajpalc7 @TimoGlastra @WadeBarnes @berendsliedrecht @swcurran