Automate project dependency auditing and updating #184

Merged
merged 1 commit into from
Sep 8, 2022

jamesrweb
Collaborator

Proposed Changes

  • Automate project dependency auditing
  • Automate project dependency updating
  • Run the automation for dependency management on a weekly basis

@jamesrweb added the enhancement, dependencies and documentation labels Sep 7, 2022
@jamesrweb requested a review from a team September 7, 2022 09:35
@jamesrweb self-assigned this Sep 7, 2022
@jamesrweb requested review from yevdyko and removed request for a team September 7, 2022 09:35
@jamesrweb enabled auto-merge (squash) September 7, 2022 09:36
@jamesrweb force-pushed the automate-dependency-audits-and-updates branch from 98a9f57 to 14c851b September 7, 2022 09:38
Collaborator

@yevdyko left a comment

I'm wondering if we can achieve the same thing by configuring a dependabot? Is there any advantage to using your own cron job script?

@jamesrweb
Collaborator Author

> I'm wondering if we can achieve the same thing by configuring a dependabot? Is there any advantage to using your own cron job script?

I'm honestly not sure, I guess the main benefit is just full customisation and to continue using pnpm with our setup script. Perhaps Dependabot is a better direction in the sense that it's a GH product though... WDYT?

@yevdyko
Collaborator

yevdyko commented Sep 8, 2022

> I'm honestly not sure, I guess the main benefit is just full customisation and to continue using pnpm with our setup script. Perhaps Dependabot is a better direction in the sense that it's a GH product though... WDYT?

Okay, I've read about it in more detail. At the moment dependabot doesn't support pnpm, so we won't be able to use it, but we can try renovatebot and for now let's still try your script. How about this?

@jamesrweb
Collaborator Author

> > I'm honestly not sure, I guess the main benefit is just full customisation and to continue using pnpm with our setup script. Perhaps Dependabot is a better direction in the sense that it's a GH product though... WDYT?
>
> Okay, I've read about it in more detail. At the moment dependabot doesn't support pnpm, so we won't be able to use it, but we can try renovatebot and for now let's still try your script. How about this?

Sure, we can try this script first and then look into renovate later then as you suggested 👍🏻

@jamesrweb merged commit b46e851 into master Sep 8, 2022
@jamesrweb deleted the automate-dependency-audits-and-updates branch September 8, 2022 17:35