Skip to content

chore: kill dependabot#72

Merged
colinnielsen merged 1 commit intomainfrom
colinnielsen/mp-324-chore-kill-dependabot
Aug 22, 2023
Merged

chore: kill dependabot#72
colinnielsen merged 1 commit intomainfrom
colinnielsen/mp-324-chore-kill-dependabot

Conversation

@colinnielsen
Copy link
Copy Markdown
Contributor

@colinnielsen colinnielsen commented Aug 21, 2023

Background

Checklist

  • Documentation updated
  • Tested code changes

ticket

@linear
Copy link
Copy Markdown

linear bot commented Aug 21, 2023

MP-324 chore: Kill dependabot

its-everdred
its-everdred reviewed Aug 21, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@its-everdred its-everdred left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually like that we have an automated background job that finds and open PRs for the sake of addressing new security vulnerabilities. Otherwise it's on us to be very in tune with dependencies of dependencies that we've never heard of.

If we think it's too noisy, we can adjust the number of open PRs, frequency, interval, update-types etc. I'd rather make the safety net less frequent than non-existent

@colinnielsen colinnielsen force-pushed the colinnielsen/mp-324-chore-kill-dependabot branch from f421cbc to d1a118f Compare August 22, 2023 20:04
@colinnielsen
Copy link
Copy Markdown
Contributor Author

colinnielsen commented Aug 22, 2023

I actually like that we have an automated background job that finds and open PRs for the sake of addressing new security vulnerabilities. Otherwise it's on us to be very in tune with dependencies of dependencies that we've never heard of.

If we think it's too noisy, we can adjust the number of open PRs, frequency, interval, update-types etc. I'd rather make the safety net less frequent than non-existent

That's a fair call - I followed these instructions to only allow dependabot to push security-related prs

@colinnielsen colinnielsen merged commit b3c2f7f into main Aug 22, 2023
@colinnielsen colinnielsen deleted the colinnielsen/mp-324-chore-kill-dependabot branch September 13, 2023 01:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@its-everdred its-everdred its-everdred approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@colinnielsen @its-everdred