Skip to content

chore(): added dependabot #2374

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 23, 2022
Merged

chore(): added dependabot #2374

merged 1 commit into from
Aug 23, 2022

Conversation

chyzwar
Copy link
Contributor

@chyzwar chyzwar commented Oct 11, 2020

Added dependabot with monthly schedule.

brianc
brianc approved these changes Oct 13, 2020
View reviewed changes
Copy link
Owner

@brianc brianc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@chyzwar
Copy link
Contributor Author

chyzwar commented Oct 13, 2020

I think dependabot is nice but it would raise PR for versions of packages that no longer support node v8. For example lestest ts-node and mocha no longer suport node v8.

@chyzwar
Copy link
Contributor Author

chyzwar commented Oct 13, 2020

For my PRs that you accepted can you label them as hacktoberfest-accepted this way I will get a T-Shirt :)

@brianc
Copy link
Owner

brianc commented Oct 13, 2020

I think dependabot is nice but it would raise PR for versions of packages that no longer support node v8. For example lestest ts-node and mocha no longer suport node v8.

hmm that might be hard to deal with, any suggestions?

@chyzwar
Copy link
Contributor Author

chyzwar commented Oct 13, 2020

Dependabot have a command for this.

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Once dependabot create an PR for mocha v9 you can repond with @dependabot ignore this major version this would close PR and upgrade would need to be manual. Dependabot can be noisy that why I set initial schedule to monthly. I think is worth trying. I just wanted to warn that there might be a bit of extra work initially.

@chyzwar
Copy link
Contributor Author

chyzwar commented Nov 2, 2020

Can you also add label hacktoberfest-accepted

@brianc brianc merged commit ff85ac2 into brianc:master Aug 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brianc brianc brianc approved these changes

Assignees
No one assigned
Labels
hacktoberfest-accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chyzwar @brianc