That is certainly a way to do it that seems better than the current
approach?  Hoping to get as automated as feasible.

Is there a reason you'd want package.json updates to be done manually?
That seems something a GH Action could do [ after tests pass ] -- without
having spent about any time with this thought, it looks like it could parse
updated package-lock to get versions and then replace/update those versions
in package.json, and run tests accordingly.



On Mon, Aug 29, 2022 at 6:15 PM Joshua Poore <poor...@apache.org> wrote:

> Dependabot updates package-file not package.json. When I clear these
> updates, I like to update package.json and test for collisions. I agree
> Dependabot is just alerting us to updates.
>
> Proposal: why don't we have Dependabot merge changes into the test branch?
> Then we can update package.json in merges from test to master.
>
> How’s that?
>
> > On Aug 26, 2022, at 11:42 AM, Austin Bennett <whatwouldausti...@gmail.com> wrote:
> >
> > Hi Devs,
> >
> > We have Dependabot in the repository which is suggesting maintenance PRs to
> > bump versions -->
> > https://github.com/apache/incubator-flagon-useralejs/pulls/app%2Fdependabot
> >
> > What are your thoughts around how to treat those PRs?
> >
> > * Turn off?
> > * Just [manually] merge?  We do have some tests, and if bumping versions
> > causes more problems that just points to needing to roll-back and/or add
> > new tests?
> > * Configure dependabot to auto-merge if tests pass?
> > * other?
> >
> > Cheers,
> > Austin
>
>
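
The package-lock to package.json sync floated in the top reply, as an added example that is not part of the thread or the project's code. `syncManifest`, `lockedVersion` and the sample data are hypothetical names and constructed values; it assumes npm lockfile layouts 1 to 3 and only rewrites plain `^`/`~`/exact ranges.

```javascript
// Added example: sync package.json ranges to the versions pinned in package-lock.json.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];
const SIMPLE_RANGE = /^([\^~]?)(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?)$/;

// Look up the top-level installed version in either lockfile layout.
function lockedVersion(lock, name) {
  if (lock.packages && lock.packages["node_modules/" + name]) {
    return lock.packages["node_modules/" + name].version; // lockfileVersion 2 and 3
  }
  if (lock.dependencies && lock.dependencies[name]) {
    return lock.dependencies[name].version; // lockfileVersion 1
  }
  return undefined;
}

// Returns { manifest, changes } without mutating the input manifest.
function syncManifest(manifest, lock) {
  const out = JSON.parse(JSON.stringify(manifest));
  const changes = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(out[section] || {})) {
      const m = SIMPLE_RANGE.exec(spec);
      const locked = lockedVersion(lock, name);
      // Skip git/file/tag/complex specs and anything the lockfile does not pin.
      if (!m || !locked || !SIMPLE_RANGE.test(locked) || m[2] === locked) continue;
      out[section][name] = m[1] + locked; // keep the author's ^ or ~ prefix
      changes.push({ section, name, from: spec, to: out[section][name] });
    }
  }
  return { manifest: out, changes };
}

// Constructed sample data, not taken from the project's repository.
const sampleManifest = {
  dependencies: { "left-pad": "^1.2.0", "local-lib": "file:../local-lib" },
  devDependencies: { "mocha": "~9.1.0", "eslint": "8.0.0" },
};
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/mocha": { version: "9.1.4" },
    "node_modules/eslint": { version: "8.0.0" },
  },
};
const result = syncManifest(sampleManifest, sampleLock);
console.log(result.changes);
```

The returned `changes` list is what a CI job would put in the commit or PR body so a reviewer sees exactly which ranges moved before tests run.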
