Integrate dependabot

Question

Closed this issue 5 years ago · 7 comments

Dependabot is an awesome tool to bump your dependencies automatically.

@sntran could you please switch it on? I guess I am limited in my access rights.
Here's a how-to. Thanks!

Answer 1 · 2018-01-30T14:33:42.000Z

Do we have enough tests to ensure bumping dependencies every time will not cause any issue?

Answer 2 · 2018-01-30T14:47:00.000Z

Nope, but that on our list too: #7

Answer 3 · 2018-01-30T15:02:11.000Z

Answer 4 · 2018-01-30T16:01:47.000Z

There are many updates!

Answer 5 · 2018-02-26T15:34:54.000Z

@sobolevn Would you mind checking whether those newer version of dependencies won't break? They are mostly for testing.

Answer 6 · 2018-02-26T15:37:11.000Z

Sorry, I am quite busy with my primary job right now.
Maybe in two weeks or so. Is it fine?

Answer 7 · 2018-02-26T15:40:30.000Z

No worry. I will pull them down and run the tests tonight. If everything passes, I'll merge.