Description
Lower maintenance burden (and adopters' impressions of projects) by auto-merging minor dependency upgrades OR ignoring all but major version updates for dependencies. Pin all dependencies to avoid insecure updates for users and lower support requirements.
Advantages:
- fewer PRs means fewer build occurrences necessary
- easier to maintain
- PRs and issues from adopters addressed quicker
- consolidation of renovate configuration across project
- fewer minor versions (if just updating major versions)
Disadvantages:
- automated PR approval opens the project to some security risk
- many minor version updates increase the maintenance burden of projects built using commitizen packages
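For reference, a sketch of how the two options in the description could be written as Renovate configuration. This is an added example, not part of the original issue or the project's own configuration; the file name `renovate.json5` and the three-day delay are assumptions.

```json5
// renovate.json5 (hypothetical file, constructed for illustration)
{
  // Pin every dependency to an exact version instead of a range,
  // so adopters never pick up an unreviewed release implicitly.
  rangeStrategy: "pin",

  packageRules: [
    {
      // Option A: auto-merge minor and patch updates.
      matchUpdateTypes: ["minor", "patch"],
      automerge: true,
      // Assumed value: hold back freshly published releases for a few
      // days so a compromised or yanked version is less likely to be
      // merged without a human looking at it.
      minimumReleaseAge: "3 days",
    },

    // Option B (use instead of Option A): raise PRs for major updates
    // only, by disabling minor and patch updates entirely.
    // {
    //   matchUpdateTypes: ["minor", "patch"],
    //   enabled: false,
    // },
  ],
}
```

Renovate auto-merges a branch only after its status checks pass, so Option A is only as safe as the required checks configured on the repository.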