
chore: enable Dependabot updates

Open rui-rayqiu opened this issue 1 year ago • 2 comments

Details

First try on enabling Dependabot for weekly automatic dependency updates.

Does this pull request introduce a breaking change?

  • ✅ No, it does not introduce a breaking change.

Does this pull request introduce an observable change?

  • ✅ No, it does not introduce an observable change.

GUS work item

rui-rayqiu avatar Sep 02 '23 00:09 rui-rayqiu

/nucleus test

abdulsattar avatar Sep 07 '23 13:09 abdulsattar

There are a few dependencies that we don't update like prettier and some resolutions like jasmine-core, semver. Can we do something about them?

We can't fix this without a lot of churn. For now, we should

  1. Search through all the package.json files for // comments
  2. Find all dependencies that must be pinned, such as jasmine-core and prettier
  3. Add them to the ignore list

For semver, which uses the yarn "resolutions", there is apparently nothing we need to do:

Dependabot cannot increase the version in the resolutions field. However it respects the value in the resolutions field when it bumps a dependency.

nolanlawson avatar Sep 14 '23 22:09 nolanlawson
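Steps 1 to 3 from the comment above, sketched as an added example (not code from the lwc repository or its maintainers). It assumes the pin notes live under a `"//"` key in each package.json and that a dependency counts as pinned when that note names it; the manifests, versions and function names are constructed for illustration.

```javascript
// Added example; not code from the lwc repository.
// Dependency fields Dependabot can bump. "resolutions" is left out on purpose:
// per the docs quoted above, Dependabot respects it and needs no ignore entry.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];

// Constructed manifests. Assumption: pin notes sit under a "//" key.
const sampleManifests = {
  'package.json': {
    '//': { prettier: 'pinned: upgrade reformats the repo', 'jasmine-core': 'pinned: see karma setup' },
    devDependencies: { prettier: '2.8.8', 'jasmine-core': '4.6.0', 'eslint-config-prettier': '^9.0.0' },
    resolutions: { semver: '7.5.4' },
  },
  'packages/example/package.json': {
    '//': ['@rollup/plugin-node-resolve is pinned until the build migrates'],
    devDependencies: { rollup: '^3.28.0', '@rollup/plugin-node-resolve': '15.2.1' },
  },
};

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Steps 1 and 2: return the declared dependencies that the "//" note names.
// Whole-name matching keeps "rollup" from matching "@rollup/plugin-node-resolve"
// and "eslint-config-prettier" from matching a note about "prettier".
function pinnedDependencies(manifest) {
  if (!('//' in manifest)) return [];
  const note = JSON.stringify(manifest['//']);
  const declared = DEP_FIELDS.flatMap((field) => Object.keys(manifest[field] || {}));
  return declared.filter((name) =>
    new RegExp(`(?<![\\w@/-])${escapeRegExp(name)}(?![\\w/-])`).test(note));
}

// Merge the pinned names across every manifest in the monorepo.
function collectIgnoreList(manifests) {
  const names = new Set();
  for (const manifest of Object.values(manifests)) {
    pinnedDependencies(manifest).forEach((name) => names.add(name));
  }
  return [...names].sort();
}

// Step 3: render the "ignore" block for an update entry in dependabot.yml.
function toDependabotIgnore(names) {
  return ['ignore:', ...names.map((n) => `  - dependency-name: "${n}"`)].join('\n');
}

console.log(toDependabotIgnore(collectIgnoreList(sampleManifests)));
```

In a real checkout the manifests would be read from disk; the output still needs a human pass, since a note can mention a package without pinning it.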

Superseded by #4130. Incidentally a lot of things have changed in the past ~6 months so we don't need to pin as many dependencies.

nolanlawson avatar Apr 10 '24 22:04 nolanlawson