Skip to content

Run dependabot against main branch and also update node packages #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 22, 2023
Merged

Run dependabot against main branch and also update node packages #307

merged 1 commit into from
Nov 22, 2023

Conversation

dbast
Copy link
Member

@dbast dbast commented Nov 22, 2023

To avoid failures when there is no develop branch and issues where dependabot analyses the main branch, but then tries to open a PR against develop, which maybe is already updated.

This should also help to resolve security findings in node packages.

@dbast
Run dependabot against main branch and also update node packages
54acf49 
To avoid failures when there is no develop branch and issues where
dependabot analyses the main branch, but then tries to open a PR
against develop, which maybe is already updated.

This should also help to resolve security findings in node packages.
@goanpeca
Copy link
Member

goanpeca commented Nov 22, 2023
edited
Loading

Hi @dbast, I do not follow the

"To avoid failures when there is no develop branch", we do all development against that branch in order to keep main as the latest released version, in case users where coming to the repo directly, which was happening a lot in the past

@goanpeca goanpeca marked this pull request as draft November 22, 2023 20:04
@dbast
Copy link
Member Author

dbast commented Nov 22, 2023

@goanpeca Dependabot is currently failing as after the merge to main the develop branch was deleted (by accident?).

We have to do a minor release after each merge to main and stop using the develop branch ... that avoids confused users and brings security related updates without delay to the main branch... Dependabot always analyses the default branch... then doing updates against a different branch (develop), which was maybe heavily updated, is very problematic (if that works at all) and no other action repo develops like that!

@dbast dbast marked this pull request as ready for review November 22, 2023 20:15
@goanpeca
Copy link
Member

goanpeca commented Nov 22, 2023
edited
Loading

@goanpeca Dependabot is currently failing as after the merge to main the develop branch was deleted (by accident?).

Well it should not have been deleted, 🙃 need to restore it

@dbast
Copy link
Member Author

dbast commented Nov 22, 2023

restoring it is easy.. thats not the problem... see the other arguments.

@goanpeca
Copy link
Member

Let's chat over at Element please, I think there is a misunderstanding of how the contribution process works

@goanpeca goanpeca merged commit 4370fe4 into main Nov 22, 2023
@dbast dbast deleted the extend-fix-dependabot branch November 23, 2023 09:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@goanpeca goanpeca goanpeca approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dbast @goanpeca