Skip to content

Configure dependabot: remove outdated entries and group simple updates #1111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Arnei merged 1 commit into from
Sep 27, 2023
Merged

Configure dependabot: remove outdated entries and group simple updates #1111

Arnei merged 1 commit into from
Sep 27, 2023

Conversation

@LukasKalbertodt
Copy link
Member

@LukasKalbertodt LukasKalbertodt commented Sep 14, 2023

The ignored dependencies are either not used anymore or used in the newest version, so all those ignore entries were removed. Further, we will now use the grouped updates to decrease the number of pull requests (and thus also test deployments). It's very safe to just group minor and patch updates. In the rare case something fails, we can still do it manually.

Relevant docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

@LukasKalbertodt
Configure dependabot: remove outdated entries and group simple updates
8ac8ec8 
The ignored dependencies are either not used anymore or used in the
newest version, so all those ignore entries were removed. Further, we
will now use the grouped updates to decrease the number of pull requests
(and thus also test deployments). It's very safe to just group minor and
patch updates. In the rare case something fails, we can still do it
manually.
@LukasKalbertodt LukasKalbertodt added the type:infrastructure Build process, deployment, workflows label Sep 14, 2023
Arnei
Arnei approved these changes Sep 27, 2023
View reviewed changes
Copy link
Member

@Arnei Arnei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't test this, but it sounds reasonable, so let's just merge this and fix if it doesn't work :)

@Arnei Arnei merged commit 13d0ff3 into opencast:master Sep 27, 2023
@LukasKalbertodt LukasKalbertodt deleted the adjust-dependabot branch September 27, 2023 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Arnei Arnei Arnei approved these changes

Assignees

No one assigned

Labels

type:infrastructure Build process, deployment, workflows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LukasKalbertodt @Arnei