Enable dependabot #112

Open
ThePaulMcBride opened this issue Jun 6, 2019 · 1 comment
Comments

@ThePaulMcBride
Collaborator

I think we should consider enabling dependabot.

I've been using it on a bunch of my own projects recently and it is brilliant. It'll keep an eye on our dependencies (node_modules) and create a pull request when a new version of any package is released.

It'll mean we end up with a bunch of pull requests to keep an eye on and manage, but I think it's worth it.

Any thoughts?

@barrymcgee
Contributor

We use Renovate and it’s great, especially the auto-merge feature, which Dependabot also has. Just make sure the ‘master’ branch is protected so feature branches can only land if all the tests pass. Netlify will fail the build if any dep upgrades fail.

The recent GitHub acquisition of Dependabot will also ensure even tighter integration in future.
