We found that upgrades to packages whose versions were specified with >= with no upper bound were not being properly managed by Dependabot. A test failure caused by an upgrade to govuk_publishing_components for a version released on 11 June was only surfaced when Dependabot opened a PR to upgrade rubocop-govuk on 26 June. The test failure was minor, but it's conceivable that there could be a more breaking change that we wouldn't be aware of until a separate pinned dependency has an available upgrade. This might cause the gem not to work as expected if included in apps with untested versions of dependencies.
We might want to apply similar changes to other GOV.UK gems.
This repo is owned by the publishing platform team. Please let us know in #govuk-publishing-platform when you raise any PRs.
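
One way to find the constraints described above is to list every dependency in a gemspec whose requirement has no upper bound. This is an added example, not code from this repo or PR; the gemspec contents, version numbers and the helper names `open_ended?`, `unbounded_dependencies` and `sample_spec` are constructed for illustration.

```ruby
require "rubygems"

# Operators that put a ceiling on the version a dependency can resolve to.
# ">", ">=" and "!=" do not, so a requirement made only of those is open-ended.
UPPER_BOUND_OPS = ["<", "<=", "~>", "="].freeze

# True when no part of the requirement limits how new the resolved version may be.
def open_ended?(requirement)
  requirement.requirements.none? { |op, _version| UPPER_BOUND_OPS.include?(op) }
end

# Returns one line per dependency (runtime or development) with no upper bound.
def unbounded_dependencies(spec)
  spec.dependencies
      .select { |dep| open_ended?(dep.requirement) }
      .map { |dep| "#{dep.name} (#{dep.type}): #{dep.requirement}" }
end

# Constructed gemspec: gem names echo the description above, but the
# dependency types and version numbers are made up for this example.
def sample_spec
  Gem::Specification.new do |s|
    s.name    = "example_gem"
    s.version = "1.0.0"
    s.summary = "Constructed sample for the unbounded-constraint check"
    s.authors = ["example"]
    s.add_dependency "govuk_publishing_components", ">= 30"  # open-ended
    s.add_dependency "rails", ">= 6", "< 8"                  # bounded
    s.add_development_dependency "rubocop-govuk", "4.12.0"   # pinned
    s.add_development_dependency "rspec", "~> 3.12"          # bounded
    s.add_development_dependency "rake"                      # defaults to ">= 0"
  end
end

# Against a real gem, load the spec with Gem::Specification.load("path/to.gemspec").
puts unbounded_dependencies(sample_spec) if $PROGRAM_NAME == __FILE__
```

A dependency declared with no requirement at all is also reported, because RubyGems treats it as ">= 0".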