Closed axel7083 closed 1 month ago
bates64
commented
1 month ago I'm against this until we have tests. We've had issues in the past updating minor versions of packages that have introduced subtle bugs. Just updating a package for the sake of keeping it up-to-date has no utility.
ethteck
commented
1 month ago Yeah I appreciate the thought, but this is the kind of thing that I think would be better as not PRs but some sort of notification list of outdated dependencies that can be manually checked
bates64
commented
1 month ago but some sort of notification list of outdated dependencies that can be manually checked
This is called yarn outdated
Some packages in the
frontend/packages.jsonare a bit outdated, keeping them up to date manually can be often tedious.Github has the
dependabotallowing to automate this process.See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file