FoundryVTT-Module-Template icon indicating copy to clipboard operation
FoundryVTT-Module-Template copied to clipboard

Published 20 hours ago verified publisher icon League-of-Foundry-Developers

Create a Dependabot configuration

Open Varriount opened this issue 1 year ago • 4 comments

Create a Dependabot configuration for NPM/Yarn and GitHub Actions

Varriount avatar Sep 05 '22 23:09 Varriount

What’s the point of configuring it for npm/yarn? This is not an npm package.

ghost91- avatar Sep 06 '22 09:09 ghost91-

@ghost91- If a user of the template uses NPM/Yarn, this will tell Dependabot to file PRs for dependency updates.

Varriount avatar Sep 06 '22 20:09 Varriount

@ghost91- If a user of the template uses NPM/Yarn, this will tell Dependabot to file PRs for dependency updates.

The thing is: Most users of the template don’t.

As the template itself doesn’t use npm/yarn, I think that’s out of scope. Otherwise, you could also make a case for any other package manager to be included.

The template is intentionally kept simple, so I wouldn't add anything that doesn’t have a direct benefit. I think it’s even debatable if dependabot should be added at all.

ghost91- avatar Sep 07 '22 07:09 ghost91-

Ok, I've removed the NPM/Yarn configuration. Regarding the GitHub Action configuration, the reason I added it is because if there's a security bug or fix in a GitHub Action, it's usually best for the user to update as soon as possible.

Varriount avatar Sep 07 '22 20:09 Varriount