Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🛠 Repo: Set up Renovate #5055

Open
5 tasks done
JoshuaKGoldberg opened this issue Dec 27, 2023 · 0 comments
Open
5 tasks done

🛠 Repo: Set up Renovate #5055

JoshuaKGoldberg opened this issue Dec 27, 2023 · 0 comments
Assignees
@voxpelli
Labels
area: repository tooling concerning ease of contribution core-team issues which must be handled by Mocha's core team status: accepting prs Mocha can use your help with this one! type: feature enhancement proposal

Comments

@JoshuaKGoldberg
Copy link
Member

Tooling Suggestion Checklist

Overview

There are quite a few issues on this repo right now tracking out-of-date packages. We're going to enable Renovate to automatically create PRs to update packages.

Notes from @boneskull:

Looks reasonable. The only thing I’d suggest with the automated tooling (something like Renovate, yeah?) is to have a human in the loop for production dependency upgrades—check them closely. Mocha has been bitten several times due to semver violations in its dependency tree. I would also recommend using https://socket.dev/ as well (should be free for OSS). While Mocha hasn’t been hit by a malicious dep (to my knowledge), historical performance is not a guarantee of future results. 😄

Additional Info

No response
@JoshuaKGoldberg JoshuaKGoldberg added type: feature enhancement proposal area: repository tooling concerning ease of contribution labels Dec 27, 2023
@JoshuaKGoldberg JoshuaKGoldberg mentioned this issue Jan 8, 2024
Open
17 tasks
@JoshuaKGoldberg JoshuaKGoldberg added status: accepting prs Mocha can use your help with this one! core-team issues which must be handled by Mocha's core team labels Feb 6, 2024
This was referenced Mar 12, 2024
Closed
Open
voxpelli added a commit that referenced this issue Mar 26, 2024
@voxpelli
chore: activate dependabot for workflows
64a4a82 
Related to #5055
@voxpelli voxpelli mentioned this issue Mar 26, 2024
Merged
3 tasks
voxpelli added a commit that referenced this issue Mar 26, 2024
@voxpelli
chore: activate dependabot for workflows (#5123)
7a2781c 
Related to #5055
@JoshuaKGoldberg JoshuaKGoldberg mentioned this issue Sep 3, 2024
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@voxpelli voxpelli

Labels
area: repository tooling concerning ease of contribution core-team issues which must be handled by Mocha's core team status: accepting prs Mocha can use your help with this one! type: feature enhancement proposal
Projects
Maintenance Reboot
Status: Up Next
Milestone
No milestone
Development

No branches or pull requests
2 participants
@voxpelli @JoshuaKGoldberg