Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Opt-in Dependabot version update configuration #95

Merged

Conversation

svengreb
Copy link
Owner

@svengreb svengreb commented May 5, 2022

Resolves #94

The `.github/dependabot.yml` Dependabot configuration file [2] for
automation version updates [1] that was introduced in GH-52 [3] often
causes a lot of PR noise and does not really help since updates also
often require more action than just a bump of the version number itself
like migration steps or adjustments to changes (e.g. APIs or deprecated
implementations). Since Dependabot is not able to fulfill this and only
does a stupid increase of the version number it often creates more work
than it helps. The result are often hundreds of notifications and more
digital noise for developers and maintainers without any real benefit
since version & security updates are done on a regular schedule by
maintainers who know what they are doing and how modern software should
be maintained.
Therefore the `.github/dependabot.yml` file has been renamed to
`.github/dependabot.tmpl.yml` to disable Dependabot for this repository
while still allowing repositories that are based on this template
repository to opt-in.

[1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
[2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml
[3]: #52

GH-94
@svengreb svengreb added this to the version-next milestone May 5, 2022
@svengreb svengreb self-assigned this May 5, 2022
@svengreb svengreb merged commit d34de53 into main May 5, 2022
@svengreb svengreb deleted the improvement/gh-94-opt-in-dependabot-version-update-config branch May 5, 2022 20:42
@svengreb svengreb removed their assignment May 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Opt-in Dependabot version update configuration
1 participant