
Reduce Dependabot PR noise for NPM package ecosystem #66

Merged
merged 1 commit into from
Dec 12, 2020

Commits on Dec 12, 2020

  1. Reduce Dependabot PR noise for NPM package ecosystem

    To reduce the noise of too many PRs from NPM dependencies, where most of
    them are only scoped for (local) development, two optimizations have
    been made:
    
    1. The schedule changed to the `monthly` interval [1].
       This is still enough to keep up with the fast updates in the NPM
       ecosystem.
    2. Only watch production packages (`dependencies`) and ignore
       development packages (`devDependencies`).
       The packages used for local or CI/CD development purposes are not
       required to be the latest version just for the sake of being
       up-to-date without a specific need or benefit.
    
    Since GitHub takes security really seriously [2], important Dependabot
    security updates [3] are triggered manually by a security advisor so
    there is no risk of missing important version bumps when reducing the
    schedule interval.
    
      "Use the `allow` option to customize which dependencies are updated.
      This has no impact on security updates for vulnerable dependencies."
    
    [1]: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/configuration-options-for-dependency-updates#scheduleinterval
    [2]: https://github.com/security
    [3]: https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/about-dependabot-security-updates
    
    GH-65
    svengreb committed Dec 12, 2020
    22ecca6
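The Dependabot configuration that the commit message above describes, written out as an added example (this page does not show the PR's own diff, so this is not the project's file). The `.github/dependabot.yml` path is Dependabot's standard location; the previous `weekly` interval is an assumption, since the commit message does not state what the old schedule was.

```yaml
# .github/dependabot.yml  (added example, not the repository's actual diff)
version: 2
updates:
  # Before (assumed): every npm dependency, including devDependencies,
  # checked weekly, so nearly every tooling bump opened its own PR.
  #
  # - package-ecosystem: "npm"
  #   directory: "/"
  #   schedule:
  #     interval: "weekly"

  # After: the two changes the commit message lists.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      # 1. Lower the cadence of version-update PRs to once a month.
      interval: "monthly"
    allow:
      # 2. Only watch production packages (`dependencies`);
      #    `devDependencies` are no longer proposed for version updates.
      - dependency-type: "production"
```

As the documentation quoted in the commit message states, `allow` has no impact on security updates for vulnerable dependencies, so narrowing version updates this way does not suppress those.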