Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for dependabot 馃コ #1370

Merged
merged 3 commits into from Apr 26, 2022
Merged

feat: add support for dependabot 馃コ #1370

merged 3 commits into from Apr 26, 2022

Conversation

vinayakkulkarni
Copy link
Contributor

  • Enables support for dependabot so that all the package dependencies are kept up-to-date with npm so as to mitigate any vulnerabilities in older versions of packages.

@vinayakkulkarni
feat: add support for dependabot 馃コ
abf49ca 
Signed-off-by: Vinayak Kulkarni <19776877+vinayakkulkarni@users.noreply.github.com>
@ronag
Copy link
Member

ronag commented Apr 25, 2022

We only have dev deps so there is a risk this just leads to annoying notifications with little value.

@mcollina
Copy link
Member

I partially concur. I think it might be useful with a less annoying config like: https://github.com/fastify/fastify/blob/main/.github/dependabot.yml

I would also recommend we add https://github.com/fastify/fastify/blob/main/.github/dependabot.yml, configured like https://github.com/fastify/fastify/blob/da8fafdc2132cde357230fa5b43344058fdd3586/.github/workflows/ci.yml#L82. In this way the amount of manual work is greatly reduced.

@vinayakkulkarni
build: add auto-merge step in CI workflow
f4c325e 
Signed-off-by: Vinayak Kulkarni <19776877+vinayakkulkarni@users.noreply.github.com>
@vinayakkulkarni
fix: clean up dependabot config as per review request
73b7f33 
Signed-off-by: Vinayak Kulkarni <19776877+vinayakkulkarni@users.noreply.github.com>
@codecov-commenter
Copy link

codecov-commenter commented Apr 26, 2022
edited

Codecov Report

Merging #1370 (73b7f33) into main (615f617) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1370   +/-   ##
=======================================
  Coverage   94.25%   94.25%           
=======================================
  Files          45       45           
  Lines        4211     4211           
=======================================
  Hits         3969     3969           
  Misses        242      242

Continue to review full report at Codecov.

Legend - Click here to learn more
螖 = absolute <relative> (impact), 酶 = not affected, ? = missing data
Powered by Codecov. Last update 615f617...73b7f33. Read the comment docs.

mcollina
mcollina approved these changes Apr 26, 2022
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@mcollina mcollina merged commit 8a8a20f into nodejs:main Apr 26, 2022
@vinayakkulkarni vinayakkulkarni deleted the feat/add-support-for-dependabot branch April 27, 2022 10:38
KhafraDev pushed a commit to KhafraDev/undici that referenced this pull request Jun 23, 2022
@vinayakkulkarni @KhafraDev
feat: add support for dependabot 馃コ (nodejs#1370)
e7554e1
metcoder95 pushed a commit to metcoder95/undici that referenced this pull request Dec 26, 2022
@vinayakkulkarni @metcoder95
feat: add support for dependabot 馃コ (nodejs#1370)
53004b9
crysmags pushed a commit to crysmags/undici that referenced this pull request Feb 27, 2024
@vinayakkulkarni @crysmags
feat: add support for dependabot 馃コ (nodejs#1370)
c63ea99
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcollina mcollina mcollina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@vinayakkulkarni @ronag @mcollina @codecov-commenter