search

Canadian-Geospatial-Platform / app.geo.ca

The Geocore application found at app.geo.ca is an open source react application created to explore the geocore geospatial library. | L'application Geocore disponible sur app.geo.ca est une application de réaction open source créée pour explorer la bibliothèque géospatiale geocore.
https://canadian-geospatial-platform.github.io/app.geo.ca/
Other
1 stars 8 forks source link

Review of dependabot PRs #32

Open bo-lu opened 1 year ago

bo-lu commented 1 year ago

Not a major priority, but if you have downtime... PRs between 12 and 23 can be reviewed

johnweng001 commented 1 year ago

@bo-lu Two things:

  1. All PRs by dependabot are not changing the manifest file (package.json). I think we should include new version changes in package.json, and this can be done by adding versioning-strategy: increase in the dependabot.yml ( see also https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy)
  2. All PRs are against master branch. I think we should do it in dev branch. (we can move .github along with dependabot.yml into dev)
johnweng001 commented 1 year ago

@bo-lu
This is my strategy: will go through each lib version upgrade manually and smoke testing the app. will also check the dependency tree of related lib, identify any direct reference in the app-level code and look/test closer if any. If not causing any issue observed, will create a PR to dev for each upgrade.