This repository was archived by the owner on Feb 6, 2026. It is now read-only.

chore: check for package updates using dependabot monthly #329

Closed
jlosito wants to merge 1 commit into todogroup:main from jlosito:main


@jlosito jlosito commented Aug 22, 2024


Motivation

I use repolinter in my devDependencies in order to check my repository. I've gotten a couple of security notifications from GitHub due to third-party libraries linked to repolinter. This change should help trying to keep dependencies up-to-date.

Proposed Changes

This will use dependabot to check for package updates on a monthly basis. If there are any updates, dependabot will submit a pull request with a version bump.

Test Plan

There should be several pull requests made from dependabot.

@jlosito jlosito requested a review from hyandell as a code owner August 22, 2024 19:01
Signed-off-by: John Losito <lositojohnj@gmail.com>
@hyandell

Member

Naive question - how does this differ from having Dependabot turned on and opening PRs like #325?

@jlosito

jlosito commented Aug 22, 2024

Author

One that is currently being used is just around security issues. The one I am proposing is regardless of whether there is a security issue or not.

@hyandell

Member

Got it. This is a constant keep it fresh script.

Sounds good; but I'm unsure if there are enough eyeballs looking at merging things in [I'm very much an absent inherited-this maintainer, with one of my dayjob colleagues often helping out]. I've been leaning more to archiving the repository, perhaps switching to something simpler/newer for my dayjob needs.

@jlosito

jlosito commented Aug 22, 2024

Author

I can very much relate.

It's probably not in your best interest to approve this change then. It can be very noisy. I created an issue with dependabot several months ago to provide cron expressions so that users can configure quarterly, semiannual, annual, etc. No traction on the update upstream though.

@hyandell

Member

Thanks for your understanding. I've kicked off a thread on the TodoGroup Slack's repolinter channel to see what interest there is there in the project.

@hyandell

hyandell commented May 6, 2025

Member

Closing per recommendation. We sadly don't have the activity levels to support noisy :(

@hyandell hyandell closed this May 6, 2025