Add dependabot config #663
Conversation
|
@HighCommander4 would you mind giving this a look? |
|
I added myself as a reviewer, but it will take me a while to get to, as I'm on travels right now, and I'm not really familiar with these Github Actions type things. (So if someone else would like to review it sooner, please feel free.) |
|
@tamird could you elaborate on the motivation for this patch? Is there a problem you're experiencing as a vscode-clangd user (or developer) that this patch solves for you? |
This will batch all updates into a single PR once a month. Dependabot was previously removed in 995639f but this should be much less noisy than the previous setup.
tamird
force-pushed
the
add-dependabot
branch
from
6f18819 to
1c9ca9c
Compare
|
@HighCommander4 sorry, neglected to reply. The motivation is that it's easier to stay current incrementally rather than having to do big-bang bumps like #664. |
My thoughts here are similar to the ones in the node-clangd issue: I'd be fine with this if you're also volunteering to handle the monthly updates, otherwise I'd lean towards a more conservative configuration such as excluding major version bumps. |
|
Yep, I am volunteering. |
|
@kadircet are you able to invite me to this repo as well? |
|
Thanks @kadircet! Merging. |
|
@tamird I'm finding dependabot to be making the commit history pretty noisy. 18 of the last 22 commits are from dependabot, over the course of ~1.5 months. That's a lot more than "once a month". Do you know why there are so many, and is there something we can do to reduce the noise? |
|
The ones that aren't on the normal cadence are typically security-related. |
2 participants
This will batch all updates into a single PR once a month.
Dependabot was previously removed in
995639f but this should be much less
noisy than the previous setup.