Closed andyw8 closed 2 months ago
vinistock
commented
2 months ago Should we instead add a constraint to the Gemfile? I assume the changes to make Rails compatible with it will soon land and then we will need to remember to remove the exclusion.
andyw8
commented
2 months ago That's what we had but Dependabot still tries to bump it: https://github.com/Shopify/ruby-lsp-rails/pull/346
It might be possible if we switch the versioning strategy but then it could be confusing if this repo behaves differently from others.
st0012
commented
2 months ago It might be possible if we switch the versioning strategy but then it could be confusing if this repo behaves differently from others.
I think it's probably fair to ask dependabot to not bump any major version upgrades? It generally happens a lot less frequently so we don't get much out of this automation. And looking at our version constraint declarations in Gemfile, it's something we want to avoid too.
vinistock
commented
2 months ago We don't auto-merge any major upgrades, which I think is fair so that someone has to understand what the major changes are. But we do want to keep dependencies up to date.
In my opinion, I wouldn't change the dependabot configuration. I'd just ignore the PR for sqlite until Rails supports it.
st0012
commented
2 months ago I'd just ignore the PR for sqlite until Rails supports it.
I know currently sqlite3 has its own PR, but how does dependabot decide whether to group it other bumps or not 🤔
vinistock
commented
2 months ago In the configuration. We only group minor and patches.
andyw8
commented
2 months ago Ok, let's wait and see how the v2 release activity is. There's only been two so far. If it's coming up weekly we can revisit. (We'll likely also run into this on Tapioca).
v2 of the sqlite3 gem is not compatible with Rails 7.1.