Closed kbdharun closed 3 months ago
Thanks for the PR. Dependabot is not super high on the list of things to add because the CI setup of linter depends on org.flatpak.Builder
where the linter is actually shipped and the manifests there needs to be manually updated and kept in sync with the dependencies here. So just merging dependabot updates won't help.
Also the linter lives in the critical chain of Flathub's build process and it is also served to third parties who use direct upload via docker images built from master
. So it is quite sensitive and I personally think we should be conservative and make updates only when necessary.
Changes
Continuing #166, this PR adds a dependabot config file to schedule automatic dependency updates (with PRs by dependabot) in a monthly schedule. This would ensure the dependencies are up to date and would allow addressing any breaking changes in the dependent packages then and there.
Detailed Explanation of changes