-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added dependabot #54
Added dependabot #54
Conversation
Neo2308
commented
Aug 8, 2023
- Added dependabot to keep go dependencies & actions updated.
9773417
to
78c55e7
Compare
@sywhang could you review? |
Hey @Neo2308 - sorry for the long delay for review. This looks good to me, but can you also add a gomod entry for "/tools" (i.e. https://github.com/uber-go/mock/tree/main/tools) |
* Added dependabot to keep go dependencies & actions updated.
Added internal folders to dependabot config
Added /tools to dependabot config
85876e5
to
fbdb9a4
Compare
@JacobOaks done :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks!
- package-ecosystem: "gomod" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
open-pull-requests-limit: 5 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @Neo2308 @JacobOaks I'd like to suggest reconsidering this change.
Adding dependabot for a library means that all users of the library must upgrade to latest version of all transitive dependencies all the time.
Please consider dropping this specific section from the dependabot so that the library's dependencies remain specific to only what it needs when it needs it. Everything else can remain as-is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.