Update all dependencies using Dependabot #613
Conversation
colinrotherham
added
the
dependencies
colinrotherham
force-pushed
the
dependabot-all
branch
from
6a17c68
to
be00760
Compare
|
I'm not sure if it's realistic for us to stay on top of weekly Dependabot PRs – have added an agenda item to our next 'dev catch up' to discuss what we want to do. |
colinrotherham
force-pushed
the
dependabot-all
branch
from
a1e529c
to
936ccbe
Compare
package.json
Outdated
| @@ -20,6 +20,7 @@ | |||
| "build:css": "csso src/autocomplete.css -o dist/accessible-autocomplete.min.css", | |||
| "build:js": "cross-env NODE_ENV=production webpack --progress", | |||
| "build": "run-s \"build:js\" \"build:css\"", | |||
| "postbuild": "node scripts/check-staged.mjs", | |||
There was a problem hiding this comment.
Do we really want this to run whenever we run npm run build locally? I'm not sure I follow the thinking here.
There was a problem hiding this comment.
Yeah think so, for local development you'll run npm run dev instead
From our contributor PRs you'll see everyone misses it currently and follows up with a commit
Output will also stay silent unless dist/ has changed
There was a problem hiding this comment.
From our contributor PRs you'll see everyone misses it currently and follows up with a commit
Won't that still happen, if contributors are using npm run dev instead of npm run build?
Where are we expecting npm run build to be run where we want this to happen? Are there any places in CI where we're not adding --ignore-scripts?
I won't block this PR on it, but unless there's a clear reason for this change I'd be tempted to remove this change and have the 'Check for unstaged changes' job call node scripts/check-staged.mjs directly.
There was a problem hiding this comment.
Won't that still happen, if contributors are using
npm run devinstead ofnpm run build?
Nah we use webpack-dev-server so output isn't written to disk for npm run dev
We use npm run build for the "To build the project for distribution" docs + commit hook
I'm happy either way so I'll make your changes, not a problem
colinrotherham
force-pushed
the
dependabot-all
branch
from
936ccbe
to
9029098
Compare
* Group ‘build’ for dependencies that might modify dist * Group ‘test’ for dependencies that might break checks * Group ‘tools’ for all other dependencies
colinrotherham
force-pushed
the
dependabot-all
branch
from
9029098
to
d2733c2
Compare
colinrotherham
force-pushed
the
dependabot-all
branch
from
d2733c2
to
4de7dcb
Compare
This PR enables Dependabot updates for npm and GitHub Actions including:
monthlyintervalsPreviously only security-related updates were included
Probably wait for #612 to merge first