Dependabot: discontinue its usage and manually update dependencies when it makes sense #2324
Replies: 3 comments 2 replies
-
|
A draft PR has been sent: #2325 |
Beta Was this translation helpful? Give feedback.
-
|
Have you considered https://github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta/ ? Could be a middle ground. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, we removed them in #1582 basically because the release notes were confuse and downstream consumers would not read them in a clearly manner, knowing what goes inside each group. |
Beta Was this translation helpful? Give feedback.
-
|
Have you considered using https://docs.renovatebot.com/ instead ? |
Beta Was this translation helpful? Give feedback.
-
|
PR has been merged. Closing |
Beta Was this translation helpful? Give feedback.
-
Hi 👋 we are planning to discontinue the usage of dependabot (or any other automated tool) to update the dependencies of the project. Given the amount of new modules we have, the work to handle the dependencies is huge and growing month by month. It takes 2-3 days just rebasing, merging, combining PRs from the bot in order to have the project with the latest dependencies.
And it could be the case those dependencies are not needed, because they will force consumers to bump a lot of them in their own code.
Of course, security updates will have top priority and we will react when they appear.
Thoughts?
Beta Was this translation helpful? Give feedback.
All reactions