Opt-in Dependabot version update configuration #94
svengreb
added a commit
that referenced
this issue
May 5, 2022
The `.github/dependabot.yml` Dependabot configuration file [2] for automation version updates [1] that was introduced in GH-52 [3] often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result is often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained.

Therefore the `.github/dependabot.yml` file has been renamed to `.github/dependabot.tmpl.yml` to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in.

[1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
[2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml
[3]: #52

GH-94
svengreb
added a commit
to svengreb/tmpl-go
that referenced
this issue
May 8, 2022
Updated to `tmpl` version `0.11.0` [1] which comes with...

1. an opt-in Dependabot version update configuration [2] - this disabled the `.github/dependabot.yml` file [3] in order to remove the PR noise and reduce the maintenance overhead. Dependency updates will be made by keeping up-to-date with new `tmpl` repository versions instead which take care of this.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: svengreb/tmpl#94
[3]: https://github.com/svengreb/tmpl-go/blob/39cf0b85/.github/dependabot.yml

GH-91
arcticicestudio
pushed a commit
to svengreb/styleguide-markdown
that referenced
this issue
May 10, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
svengreb
added a commit
to svengreb/styleguide-markdown
that referenced
this issue
May 10, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio
pushed a commit
to svengreb/styleguide-markdown
that referenced
this issue
May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-61
arcticicestudio
pushed a commit
to svengreb/styleguide-javascript
that referenced
this issue
May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].
4. Migrated to Markdown style guide version 0.4.0 [6].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[6]: svengreb/tmpl#76
[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

GH-86
arcticicestudio
pushed a commit
to svengreb/styleguide-javascript
that referenced
this issue
May 12, 2022
Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]:

1. Optimized GitHub action workflow scope [3].
2. Updated Node.js packages & GitHub actions [4] [^1] [^2].
3. Opts-in the Dependabot version update configuration [5].
4. Migrated to Markdown style guide version 0.4.0 [6].

This also includes changes required for any linter matches.

[1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0
[2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0
[3]: svengreb/tmpl#84
[4]: svengreb/tmpl#86
[5]: svengreb/tmpl#94
[6]: svengreb/tmpl#76
[^1]: svengreb/tmpl#78
[^2]: svengreb/tmpl#83

Co-authored-by: Sven Greb <[email protected]>

GH-86
The `.github/dependabot.yml` Dependabot configuration file for automation version updates that was introduced in #52 often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result is often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained.

Therefore the `.github/dependabot.yml` file will be renamed to `.github/dependabot.tmpl.yml` to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in.