Dependabot updates package-file, not package.json. When I clear these updates, I like to update package.json and test for collisions. I agree Dependabot is just alerting us to updates.
Proposal: why don’t we have Dependabot merge changes into the test branch? Then we can update package.json in merges from test to master. How’s that?

> On Aug 26, 2022, at 11:42 AM, Austin Bennett <whatwouldausti...@gmail.com> wrote:
>
> Hi Devs,
>
> We have Dependabot in the repository which is suggesting maintenance PRs to
> bump versions -->
> https://github.com/apache/incubator-flagon-useralejs/pulls/app%2Fdependabot
>
> What are your thoughts around how to treat those PRs?
>
> * Turn off?
> * Just [manually] merge? We do have some tests, and if bumping versions
>   causes more problems that just points to needing to roll-back and/or add
>   new tests?
> * Configure dependabot to auto-merge if tests pass?
> * other?
>
> Cheers,
> Austin