dotnet / ResXResourceManager

Manage localization of all ResX-Based resources in one central place.
MIT License

feat: add dependabot.yml #594

Closed bdovaz closed 8 months ago

tom-englert commented 8 months ago

I'll only update dependencies when I'm actively working on a project; otherwise you will get an unusable history.

e.g. try to figure out the last change related to a fix or feature here: https://github.com/Fody/Fody/commits/master

bdovaz commented 8 months ago

Updating dependencies is tedious and if you can have a tool to automate it, it is welcome.

About your concern about the commit history, it is something that has been relatively solved with the grouping of updates (it is already in the stable version):

https://github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta/

Besides, you can configure the schedule so that it is not daily and can be monthly, for example, so that it does not flood the history daily with Dependabot commits.

tom-englert commented 8 months ago

> Updating dependencies is tedious and if you can have a tool to automate it, it is welcome.

No, it's not, you just have to use the right tools: https://github.com/sboulema/NuGetMonitor/

bdovaz commented 8 months ago

> > Updating dependencies is tedious and if you can have a tool to automate it, it is welcome.
>
> No, it's not, you just have to use the right tools: https://github.com/sboulema/NuGetMonitor/

But I repeat again, you are mentioning a tool that you personally use, for which you depend on VS as an IDE, and there are many more (VSCode, Rider, ...). I am talking about the general maintenance of an open source project (Dependabot is the "native tool" provided by GitHub) that should not depend on a person or his personal preferences regarding a tool.

It's my opinion but well what I said, tell me clearly if you don't want this PR to go anywhere and I'll close it.

tom-englert commented 8 months ago

Sorry if you've chosen an IDE with no good package management, but don't worry, you don't have to manage dependencies when you contribute, I will take care of this.

tom-englert commented 8 months ago

@bdovaz: since I saw you commenting on #579: https://github.com/sboulema/NuGetMonitor/ would be a great candidate to migrate to some multiplatform UI, so it could be used as a plugin for other IDEs, too.