build(deps): add dependabot configuration #2162
Conversation
|
I think this should be categorized as "build-related changes" rather than a feature |
vinayakkulkarni
changed the title
|
@vinayakkulkarni My apologies if this sounds like a stupid question. So does this PR help to enforce package.json / lock files in people's PRs going forward? I'm not familiar with the changes your submitting, so appreciate any guidance you can provide! |
|
Sorry about the late response, The config does not enforce anything in peoples' PRs, it basically removes user intervention in bumping the package dependencies version. Basically, automates #2157 via dependabot Bot so that the package dependencies are automatically up-to-date. |
|
Agree that we need a bot to keep updating dependencies. However, I don't have many experience in it. What the pros and cons between Renovate and Dependabot? |
I've been using dependabot for a long time now and now since it's owned by GitHub, it's even more awesomer! Last time I tried using renovate, i had some billing related issue.. will have to explore Renovate pricing & plans though. |
|
Thanks for working on this @vinayakkulkarni! |
<3 btw, dependabot was acquired by GitHub, I'll create a new PR to support v2 of dependabot |
* feat: add dependabot configuration * config: update .dependabot/config.yml Co-authored-by: Ben Hong <[email protected]>
Summary
What kind of change does this PR introduce? (check at least one)
If changing the UI of default theme, please provide the before/after screenshot:
Does this PR introduce a breaking change? (check one)
Other information:
PS. I've set the default reviewer to me, but it can be anyone from the core team.
// cc @bencodezen, @ulivz