Skip to content

Increase versions only if necessary #254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 17, 2021
Merged

Increase versions only if necessary #254

merged 1 commit into from
May 17, 2021

Conversation

@greg0ire
Copy link
Member

@greg0ire greg0ire commented May 15, 2021
edited
Loading

Dependabot is creating many PRs which require new versions of packages
for no good reason.
This new strategy will bump version constraints only when necessary,
i.e. in order to get a major upgrade.
Another strategy would be to let it widen the range, but it does not
make much sense for a coding standard packages such as this one, since
users are unlikely to have a dependency on the dependencies of this
package. Note that we do have 2 dependencies that use pipes:

  • one is on PHP, and it makes sense to keep it;
  • one is on a package that is a composer plugin, and we might want to
    drop it once Composer 1 usages is deemed low enough.

Closes #253 , closes #233

@greg0ire
Increase versions only if necessary
a7f58e0 
Dependabot is creating many PRs which require new versions of packages
for no good reason.
This new strategy will bump version constraints only when necessary,
i.e. in order to get a major upgrade.
Another strategy would be to let it widen the range, but it does not
make much sense for a coding standard packages such as this one, since
users are unlikely to have a dependency on the dependencies of this
package. Note that we do have 2 dependencies that use pipes:
- one is on PHP, and it makes sense to keep it;
- one is on a package that is a composer plugin, and we might want to
drop it once Composer 1 usages is deemed low enough.
@greg0ire
Copy link
Member Author

greg0ire commented May 15, 2021

Afterwards, let's see if #250 refreshes to use whatever this change should translate to. If not, I will push to the branch of that PR.

@greg0ire greg0ire requested a review from a team May 15, 2021 10:01
@greg0ire greg0ire requested a review from a team May 15, 2021 11:40
@greg0ire greg0ire requested review from alcaeus and beberlei May 17, 2021 07:19
@ostrolucky ostrolucky merged commit cfda1d6 into doctrine:9.0.x May 17, 2021
@greg0ire greg0ire deleted the less-dependabot-noise branch June 25, 2021 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alcaeus alcaeus alcaeus approved these changes

@ostrolucky ostrolucky ostrolucky approved these changes

@SenseException SenseException SenseException approved these changes

@beberlei beberlei Awaiting requested review from beberlei

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@greg0ire @alcaeus @ostrolucky @SenseException