-
-
Notifications
You must be signed in to change notification settings - Fork 64
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up Open PRs #1626
Comments
Regarding dependabot PRs: I’ve had small experience with dependabots on my personal projects. It basically scans the repository periodically to see if there are dependencies that can be updated without breaking the app, which help with closing security vulnerabilities from outdated packages. The only ones we would have to investigate manually are the ones with x marks that failed the build tests. But dependabots usually provide pretty good logs for one to investigate and fix. The failed reason varies. The one I experienced was an npm package that was super outdated and no longer supported/maintained. |
But also my experience is based on personal projects, which are relatively small compare to real world projects. I've read some devs pointed out that as the app grow larger the dependencybot conflicts would also increase since the number of dependencies would also most likely be growing. And also it would be catching stuff that we forgot to write tests for. Another suggestion is to just ignore them and keep all dependencies on current version so we can focus on other things. I would even delete those current dependabot PRs (since those PRs suggested dep versions maybe outdated later on). Then when we are ready to launch or scale, run the dependencybot and spend time dealing with them all at once. Not sure if this is for the best though. |
@Skydodle thanks. There are 36 dependabot open PRs, and maybe 2/3s have green checkmarks. In lieu of having a test framework, it may be prudent to go through each one and test that it doesn't break the map. It will take longer, but we don't have a better way of confirming that it was a non-breaking change. Alternatively, one could go and, on their own branch, implement the code change from each of the green checkmark dependabot PRs. This person would then test them all at once, and see if the map works as expected. If not, we'd have to go through and weed out the bad change. Thoughts? edit: I could be convinced that this is too much work, if green-checkmarks are pretty trustworthy. We could then use the above strategy for the questionable dependabot PRs. |
I could dig in to see if Github has any guidelines on testing all the dependabot changes on a target branch before just trusting them and merge to main. I can work on that. |
Thank you @Skydodle - I've moved the ticket to Prioritized Backlog. Please assign yourself when you begin working, partial investigative info is still useful. Feel free to do as much as you can and report your findings and unassign. |
Thanks @ryanfchase I will work on it in the next few days and post findings. |
@ryanfchase can you/ someone open a sub- issue specifically for dealing with the current dependabots PRs? I have some findings for short-term and long-term solution, and I want to post them under this new sub-issue for discussion. I don't want to clog up this current issue's board, as clearing the dependabot PRs is just one of many sub-stasks of this issue. Let me know what you think. |
@Skydodle I've opened a new issue here: #1641 We'll move the issue to Prioritized Backlog once you're satisfied with the strategy there. Please unassign yourself from this ticket and move it back to Prioritized Backlog (since you're soon to contribute to 1641). Also, feel free to open new issues on your own via the Blank Issue template. Assign to myself / @edwinjue for us to approve the issue. |
@edwinjue @ryanfchase I reviewed the remaning PRs listed in this issue (except the README one), all of them were requested to merge with the My suggestion is to close them without merge since they have no effect on the current working repo. Please kindly advise if I'm good to proceed. |
Thank you @Skydodle -- we're good to close the PRs without merge! Thank you for reviewing them. |
This is entire issue is ready to be closed, please kindly review the details below:
Side-note:
Let me know if I'm good to proceed and close this issue. Thank you =) |
Looking great @Skydodle -- this issue is good to close (moved to In Review while I was reviewing. Closing will move to Done) |
@ryanfchase Thank you clarifying the review & closing workflow! |
Overview
We have a long list of PRs that likely aren't being used anymore. We'll use this ticket to list, review, and handle each of those PRs.
Action Items: Please review these lists
PRs by Author
PRs which affect archived directories (e.g.
server
)Generally Outdated
The text was updated successfully, but these errors were encountered: