Replies: 1 comment 1 reply
-
I think keeping Rust dependencies up-to-date is more valuable than anything else. It's also much easier to verify that a dependency upgrade doesn't break things in the backend, because all that code is tested better. For that reason I would even accept automatic merging of I am less opinionated about the frontend. I think the maker frontend is meant to be used internally (perhaps it shouldn't even be public), so I would simply disable For the taker frontend, I don't know how important it is to keep dependencies up-to-date. In my biased and limited opinion, we are not doing much fancy or critical stuff in the frontend, nor are we changing things as frequently as in the backend. So keeping dependencies up-to-date also doesn't seem crucial. But I would delegate to others to decide on this. All in all, I would be okay with something like:
|
Beta Was this translation helpful? Give feedback.
-
@klochowicz and me had a lengthy discussion in #3127 on how to use dependabot and when to upgrade dependencies.
This was kicked off by me because I found the latest changes made dependabot too spamy.
So far, only @klochowicz voiced his opinion, hence, I'm opening this discussion so that we can re-evaluate how we want to use dependabot and the version updates.
Beta Was this translation helpful? Give feedback.
All reactions