Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NPM-level updatePolicy support #7555

Open
1 task done
castarco opened this issue Jul 13, 2023 · 0 comments
Open
1 task done

NPM-level updatePolicy support #7555

castarco opened this issue Jul 13, 2023 · 0 comments
Labels
T: feature-request Requests for new features

Comments

@castarco
Copy link

castarco commented Jul 13, 2023
edited

Is there an existing issue for this?

  • I have searched the existing issues

Disclaimer

This feature request is a bit speculative, as nothing like this has been implemented for NPM yet; but I'd like to extend the discussion to other actors.

References

Feature description

It would be nice to have an optional metadata section in package.json files to allow a more fine-grained control over how direct and transitive dependencies are updated, but also to help downstream consumers to decide how to update the package we maintain.

The main justification for this is that not everyone is respecting the semantic versioning convention, and we might benefit from more sophisticated mechanisms to keep under control the problems that arise from this fact.

From dependabot's perspective, the feature would consist on honouring that metadata in case it is present.
@castarco castarco added the T: feature-request Requests for new features label Jul 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@castarco