Opt-in Dependabot version update configuration #94

svengreb · 2022-05-05T19:38:51Z

The .github/dependabot.yml Dependabot configuration file for automation version updates that was introduced in #52 often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result are often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained.
Therefore the .github/dependabot.yml file will be renamed to .github/dependabot.tmpl.yml to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in.

The text was updated successfully, but these errors were encountered:

The `.github/dependabot.yml` Dependabot configuration file [2] for automation version updates [1] that was introduced in GH-52 [3] often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result are often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained. Therefore the `.github/dependabot.yml` file has been renamed to `.github/dependabot.tmpl.yml` to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in. [1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates [2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml [3]: #52 GH-94

Updated to `tmpl` version `0.11.0` [1] which comes with... 1. an opt-in Dependabot version update configuration [2] - this disabled the `.github/dependabot.yml` file [3] in order to remove the PR noise and reduce the maintenance overhead. Dependency updates will be made by keeping up-to-date with new `tmpl` repository versions instead which take care of this. [1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0 [2]: svengreb/tmpl#94 [3]: https://github.com/svengreb/tmpl-go/blob/39cf0b85/.github/dependabot.yml GH-91

Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]: 1. Optimized GitHub action workflow scope [3]. 2. Updated Node.js packages & GitHub actions [4] [^1] [^2]. 3. Opts-in the Dependabot version update configuration [5]. This also includes changes required for any linter matches. [1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0 [2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0 [3]: svengreb/tmpl#84 [4]: svengreb/tmpl#86 [5]: svengreb/tmpl#94 [^1]: svengreb/tmpl#78 [^2]: svengreb/tmpl#83 GH-61

Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]: 1. Optimized GitHub action workflow scope [3]. 2. Updated Node.js packages & GitHub actions [4] [^1] [^2]. 3. Opts-in the Dependabot version update configuration [5]. 4. Migrated to Markdown style guide version 0.4.0 [6]. This also includes changes required for any linter matches. [1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0 [2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0 [3]: svengreb/tmpl#84 [4]: svengreb/tmpl#86 [5]: svengreb/tmpl#94 [6]: svengreb/tmpl#76 [^1]: svengreb/tmpl#78 [^2]: svengreb/tmpl#83 GH-86

Updated to `tmpl` version `0.11.0` [1], including the versions in between starting from 0.10.0 [2]: 1. Optimized GitHub action workflow scope [3]. 2. Updated Node.js packages & GitHub actions [4] [^1] [^2]. 3. Opts-in the Dependabot version update configuration [5]. 4. Migrated to Markdown style guide version 0.4.0 [6]. This also includes changes required for any linter matches. [1]: https://github.com/svengreb/tmpl/releases/tag/v0.11.0 [2]: https://github.com/svengreb/tmpl/releases/tag/v0.10.0 [3]: svengreb/tmpl#84 [4]: svengreb/tmpl#86 [5]: svengreb/tmpl#94 [6]: svengreb/tmpl#76 [^1]: svengreb/tmpl#78 [^2]: svengreb/tmpl#83 Co-authored-by: Sven Greb <development@svengreb.de> GH-86

svengreb added type-improvement scope-dx scope-quality target-base context-techstack labels May 5, 2022

svengreb added this to the Next milestone May 5, 2022

svengreb self-assigned this May 5, 2022

svengreb modified the milestone: version-next May 5, 2022

svengreb added scope-maintainability and removed scope-quality labels May 5, 2022

svengreb mentioned this issue May 5, 2022

Opt-in Dependabot version update configuration #95

Merged

svengreb closed this as completed in #95 May 5, 2022

svengreb removed their assignment May 5, 2022

svengreb mentioned this issue May 8, 2022

Update to tmpl template repository version 0.11.0 svengreb/tmpl-go#91

Closed

svengreb mentioned this issue May 10, 2022

Update to tmpl template repository version 0.11.0 svengreb/styleguide-markdown#61

Closed

svengreb mentioned this issue May 12, 2022

Update to tmpl template repository version 0.11.0 svengreb/styleguide-javascript#86

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Opt-in Dependabot version update configuration #94

Opt-in Dependabot version update configuration #94

svengreb commented May 5, 2022

Opt-in Dependabot version update configuration #94

Opt-in Dependabot version update configuration #94

Comments

svengreb commented May 5, 2022