Soundofdarkness closed 3 years ago
I think this is a thing of configuration. See:
https://dependabot.com/blog/lockfile-only-updates/
But I don't know. Never set it up myself, just saw it in some repos.
Yup, I will just leave it on for now, and will see if it actually has important updates I can do without breaking stuff.
I would say just switch it off and I'll put in a PR here and there for updates.
Yup, that's probably the best way. And I'm keeping an eye on security updates too.
From what I'm seeing so far, Dependabot just bumps dependencies inside the lockfiles, since it's stuff that needs to update in the respective packages, so I'm not so sure how useful this is going to be.