Add dependabot #615

Open
wants to merge 1 commit into
base: master

oriontvv

This PR adds dependabot config

@Thomasdezeeuw
Collaborator

I'm -1 on this. I don't think we need to update our dependencies unless we need a specific fix or feature. Updating dependencies with patch versions in libraries can even become a problem when those patch versions have problems. I'd say let the binary (not libraries) define the dependency versions.

@oriontvv
Author

As I understand it, if a patch version is not specified for a dependency, it would NOT be notified about any patch update. Anyway, we could set up update-types: minor (or even major) documentation. The main motivation for this is that the newer the library version in the binary, the fewer DIFFERENT transitive versions of the library would be in the resulting binary build. And it would save a lot of build time and total binary size. Also, there is a side benefit that dependabot can notify about major security updates.
