-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🏗 Enable package updates for E2E and visual diff tests #23427
Conversation
Unfortunately we can't upgrade the deps for visual diff that easily, we need to make a significant code change. We could upgrade the |
I think the Renovate workflow can still be useful for dependency upgrades that don't break our tests, since they will be fully verified on Travis, and are merged manually. Also, when a new dependency version causes a breaking change (say, with visual tests), there is precedent for closing out the PR and skipping that version.
It's an indirect dependency, so it's not trivial to manually upgrade it.
Security vulnerabilities show up on the front page of the |
Adding a couple others for a review, since this is blocking the removal of security vulnerability warnings on the |
Chatted offline with @danielrozenberg about his concerns about upgrading the visual diff dependencies. This PR will not force-upgrade them. We can close the renovate PRs for |
Update: Security alert has been addressed by #23457 which was generated as a result of this PR. |
There's a security vulnerability in one of our test deps that uses an outdated dependency version. It turns out this is because Renovate is configured to upgrade
devDependencies
, but leavedependencies
alone (#23008).This PR moves all of the E2E and visual diff packages to
devDependencies
to enable automatic upgrades. It also adds some logging to the E2E tests (I found this useful while testing these changes.)Soon, we should see version upgrade PRs for the packages used by our tests.