Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: add dependabot #28

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

inigomarquinez
Copy link
Contributor

Main Changes

dependabot will check for available updates for the dependencies that we use in the project. In the current setup, it will generate PRs once per week if the are new versions for our dependencies (npm and Github Actions).

We can remove npm and limit it to Github Actions, as well we can modify the frequency.

dependabot is capable of following the pin version schema introduced in #25, so it will be able to upgrade and pin the Github actions accordingly.

The configuration is very flexible, see the documentation

Context

@UlisesGascon UlisesGascon marked this pull request as draft March 15, 2024 08:44
@UlisesGascon
Copy link
Member

Thanks for the PR @inigomarquinez!

I will convert this PR to draft for now, as there is an ongoing discussion about dependabot role in the project in this PR: expressjs/express#5435. As soon as that conversation is resolved, we can revisit this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants