You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tracking all dependencies updates is really nice, but updating packages like that(even patch or minor) is NOT SAFE at all, due to human nature of open source packages publishing. Without testing package updates will lead to long debug sessions.
Currently we have github actions setup to run tests on PR and deploy stages, and dependabot creates PR for each dependency update.
Would be great to offload testing dependencies updates outside of github actions though, cos running multiple actions in parallel slows down each action pretty significantly.
Separate from github dashboard is also not very useful, as it requires context change. It could be nice to have ability to create PR based on selected packages to update, and have tests running for this specific PR, cos currently dependabot creates PR for every dependency in the project, and it would be nice to get notifications from your service about new versions. Would be great to have some kind of issue in github with all the list of outdated dependencies, or your dashboard integrated to github.
PS: A lot of developers just can't allow your app access to make changes due to security risks and NDA. including me.
The text was updated successfully, but these errors were encountered:
Tracking all dependencies updates is really nice, but updating packages like that(even patch or minor) is NOT SAFE at all, due to human nature of open source packages publishing. Without testing package updates will lead to long debug sessions.
Currently we have github actions setup to run tests on PR and deploy stages, and
dependabotcreates PR for each dependency update.Would be great to offload testing dependencies updates outside of github actions though, cos running multiple actions in parallel slows down each action pretty significantly.
Separate from github dashboard is also not very useful, as it requires context change. It could be nice to have ability to create PR based on selected packages to update, and have tests running for this specific PR, cos currently dependabot creates PR for every dependency in the project, and it would be nice to get notifications from your service about new versions. Would be great to have some kind of issue in github with all the list of outdated dependencies, or your dashboard integrated to github.
PS: A lot of developers just can't allow your app access to make changes due to security risks and NDA. including me.
The text was updated successfully, but these errors were encountered: