Replies: 1 comment
-
|
We decided to enable Dependabot only for direct dependencies, and to enable auto-approval / auto-merge for Dependabot PRs relevant to patch update of dependencies. See PRs #184, #193, and #198 We will monitor this new dependency workflow for a while, and then continue the discussion here. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I triggered a dependabot refresh because I wanted to upgrade qbraid-sdk, and that refresh opened 10 PRs, which I had to merge one by one. For dependencies that bump a patch version of the package, we should consider automerging dependabot PRs.
We should also clean up our dependency tree, there may be packages that we no longer use after the provider/device refactoring.
Beta Was this translation helpful? Give feedback.
All reactions