Dependabot poll #351

floydspace · 2022-07-21T09:45:12Z

floydspace
Jul 21, 2022
Maintainer

Hey @samchungy and the community

What do you think about Dependabot PRs? is it safe just simply merge them? Does anybody faced with the dependencies issues produced by Dependabot.
My personal idea is: if we are locking our dependencies than we are assure that the app works properly with them, but when dependabot reshuffle them I'm getting not comfortable about dependencies. and all the PRs created by the bot is annoying.
But on the other hand, it serves for better: fixing vulnerabilities in out deps, why not to use this privilege.

As long as it's not my personal project anymore, I'd like to get some opinion from community.

Thank you for voting.

Should we use Dependabot?

Yes, it detects and resolves vulnerabilities for us, we can completely trust it and there is low chance of breaking changes

100%

No, it could bring breaking changes in dependencies and break the app, because hands ain't cut off for violating SemVer

0%

I don't care, I just want to use this amazing plugin with as little issues as possible and all means are good

0%

1 vote

samchungy · 2022-07-26T11:00:48Z

samchungy
Jul 26, 2022
Collaborator

I think given we have something of an e2e in place now it should be relatively low risk

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot poll #351

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

Dependabot poll #351

floydspace Jul 21, 2022 Maintainer

Replies: 1 comment

samchungy Jul 26, 2022 Collaborator

floydspace
Jul 21, 2022
Maintainer

samchungy
Jul 26, 2022
Collaborator