Added dependabot #54

Merged
merged 3 commits into from
Feb 24, 2024

@Neo2308 (Contributor) commented Aug 8, 2023

  • Added dependabot to keep go dependencies & actions updated.

@CLAassistant commented Aug 8, 2023

CLA assistant check
All committers have signed the CLA.

@Neo2308 force-pushed the feature/master/add-dependabot-config branch from 9773417 to 78c55e7 on August 15, 2023 10:36
@sywhang self-requested a review on August 15, 2023 18:27
@Neo2308 (Contributor, Author) commented Jan 11, 2024

@sywhang could you review?

@JacobOaks (Contributor) commented

Hey @Neo2308 - sorry for the long delay for review. This looks good to me, but can you also add a gomod entry for "/tools" (i.e. https://github.com/uber-go/mock/tree/main/tools)

* Added dependabot to keep go dependencies & actions updated.
Added internal folders to dependabot config
Added /tools to dependabot config
@Neo2308 force-pushed the feature/master/add-dependabot-config branch from 85876e5 to fbdb9a4 on February 24, 2024 08:09
@Neo2308 (Contributor, Author) commented Feb 24, 2024

@JacobOaks done :)

@JacobOaks (Contributor) left a comment

LGTM. Thanks!

@JacobOaks merged commit 7638c0a into uber-go:main on Feb 24, 2024
3 checks passed
Comment on lines +3 to +7
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "daily"
open-pull-requests-limit: 5
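
Review bot: the `gomod` entry for `directory: "/"` sets `interval: "daily"` with no `allow` or `ignore` filter in lines +3 to +7, so every upstream release of any dependency becomes a proposed bump to the root go.mod of a library, and each merged bump raises the minimum version that importers of the module resolve. Consider dropping this root entry, or setting `open-pull-requests-limit: 0` on it so that only security updates open pull requests, and leaving the other entries as they are.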

Hey @Neo2308 @JacobOaks I'd like to suggest reconsidering this change.
Adding dependabot for a library means that all users of the library must upgrade to latest version of all transitive dependencies all the time.

Please consider dropping this specific section from the dependabot so that the library's dependencies remain specific to only what it needs when it needs it. Everything else can remain as-is.

Contributor

Thanks @abhinav, you bring up good points. Removed this section with #163.
