Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tell Dependabot to vendor dependencies when updating them #318

Merged
merged 1 commit into from
May 8, 2024
Merged

Tell Dependabot to vendor dependencies when updating them #318

merged 1 commit into from
May 8, 2024

Conversation

spaze
Copy link
Owner

@spaze spaze commented May 8, 2024
edited
Loading

Hopefully it does what it says on the tin, and that's also updating the files in the vendor folder.
It doesn't, reverted in #328.

Dependabot composer updates config added in #315
Followed up by #323

@spaze
Tell Dependabot to vendor dependencies when updating them
cf3d5dc 
Hopefully it does what it says on the tin, and that's also updating the files in the vendor folder.

Dependabot composer updates config added in #315
@spaze spaze self-assigned this May 8, 2024
@spaze spaze merged commit abdf40e into main May 8, 2024
37 checks passed
@spaze spaze deleted the spaze/dependabot-vendor branch May 8, 2024 04:37
spaze added a commit that referenced this pull request May 8, 2024
@spaze
Allow both direct and indirect Dependabot updates for all packages
ce8505b 
Follow-up to #315, #318
This was referenced May 8, 2024
Merged
Merged
spaze added a commit that referenced this pull request May 8, 2024
@spaze
Allow both direct and indirect Dependabot updates for all packages (#323
79a9c52 
)

Follow-up to
- #315
- #318
@spaze spaze mentioned this pull request May 9, 2024
Merged
spaze added a commit that referenced this pull request May 9, 2024
@spaze
Run Dependabot updates monthly for NPM and Composer, as a last resort (
cf44ea2 
…#328)

Revert "Tell Dependabot to vendor dependencies when updating them" 

It doesn't seem to do what I thought it would do, at least for Composer,
it doesn't actually download the changed files.

This reverts commit cf3d5dc #318

I check NPM and Composer usually manually (`npm outdated`, `composer
outdated`), often weekly, sometimes more often.

Keep GitHub actions weekly, as that I don't check manually because I
don't if that's even possible.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@spaze spaze

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@spaze