Runbook: Dependency Updates

diligentis edited this page Oct 13, 2022 · 1 revision

Context

This repository uses Dependabot to automatically update dependencies for various package ecosystems, including but not necessarily limited to:

This process runs weekly, typically early Monday morning.

You can find a list of PRs opened by Dependabot here.

Process

For any package ecosystem for which you have permissions via CODEOWNERS, review the updated dependency.

Dependabot provides toggles in the PR description to show the Release notes, Changelog and Commits to help with this. A quick review of these should indicate whether there are likely to be any compatibility problems. If there are any concerns, loop in @alicenet/lead. Otherwise, feel free to review and approve the changes.

Once the PR has all required approvals and required checks passing, it should be safe to squash and merge.

Common Issues

Missing reviewer sign-off

Sometimes an additional reviewer might be required. They will be listed under the Reviewers section; feel free to poke them to review.

Merge conflict

If there is a merge conflict, you can instruct Dependabot to rebase with the following comment on the PR:

@dependabot rebase

Forgetting to merge

Sometimes you have to wait on checks to pass and forget to come back. You can instruct Dependabot to squash and merge when reviews and checks are done with the following comment on the PR:

@dependabot squash and merge
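
The decisions under Process and Common Issues can be written as a small triage helper. This is an added example, not part of this repository's tooling: it assumes PR state in the JSON shape returned by `gh pr view --json reviewDecision,mergeable,statusCheckRollup`, that the branch requires an approving review, and that every reported check is required. The function names and sample check names are hypothetical.

```python
# Constructed sample PR state (check names are made up for illustration).
SAMPLE = {
    "reviewDecision": "APPROVED",
    "mergeable": "MERGEABLE",
    "statusCheckRollup": [
        {"name": "unit-tests", "status": "COMPLETED", "conclusion": "SUCCESS"},
        {"name": "lint", "status": "IN_PROGRESS", "conclusion": ""},
        {"context": "license-scan", "state": "SUCCESS"},
    ],
}

# Results that do not block a merge.
PASSING = {"SUCCESS", "NEUTRAL", "SKIPPED"}


def check_state(check):
    """Return 'pass', 'pending' or 'fail' for one statusCheckRollup entry."""
    if "state" in check:
        # Commit status entries report a single state field.
        result = check["state"]
        if result in ("PENDING", "EXPECTED"):
            return "pending"
    else:
        # Check run entries report status first, then a conclusion.
        if check.get("status") != "COMPLETED":
            return "pending"
        result = check.get("conclusion")
    return "pass" if result in PASSING else "fail"


def next_step(pr):
    """Map the PR state to the next action named in this runbook."""
    if pr.get("mergeable") == "CONFLICTING":
        return "comment: @dependabot rebase"
    states = [check_state(c) for c in pr.get("statusCheckRollup") or []]
    if "fail" in states:
        # Assumption: a failed check is treated as a blocking concern.
        return "hold: a check failed, do not merge"
    if pr.get("reviewDecision") != "APPROVED":
        return "wait: poke the reviewers listed under Reviewers"
    # Approved: Dependabot merges once any pending checks have finished.
    return "comment: @dependabot squash and merge"


if __name__ == "__main__":
    print(next_step(SAMPLE))
```

The helper only suggests the next step; the review of release notes, changelog and commits still has to happen before approving.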