Hi Team,
Just curious on other thoughts on Dependabot now that Apache enabled
them across the repos. Do we review and merge them as is? Should we
build PRs like https://github.com/apache/cordova-js/pull/255 to
regenerate package-lock which will result in dependent bot to close
their PRs. Case-by-case basis?
Personally I think I favour the manual PR approach as it will squash
several dependent PRs into one, and dependabot is smart enough to notice
when their PR is out-dated.
Cheers,
Norman
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
