Closed dependabot[bot] closed 9 months ago
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version
or @dependabot ignore this minor version
. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore
condition with the desired update_types
to your config file.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Out of curiosity, why did you close this one? (And the Paket one)
No real good reason; I spend too much time in github notifications so stuff that normal humans can ignore brings out the tidy freak in me.
In general, dependabot PRs esp for build pieces feel like needless clutter. I mean I understand the benefits, esp if there is a security sensitivity.
In the case of this repo, having separate PRs (and commits on master) for checkout, setup-dotnet, fake, paket etc is too much.
If someone wants to update paket, great. But a dependabot PR and a merge per paket release? No thanks. There will be a V9 of paket at some point. And we'll upgrade to dotnet 8. And many FAKE releases. Better to pick a point in time to do a clump of them proactively rather than have a busywork loop.
Similarly, I use minver and things like that in other projects - having 15 dependabot PRs per release of it is definitely not helpful.
I've only ever glanced but assume dependabot have yet to build a way to consolidate build deps into a single PR and/or otherwise make things less noisy. At its worst dependabot is a kid with their first phone with the keyboard sounds turned on and alerts turned on for all the things.
(I'm similar about making up ones mind on issues rather than just letting them sit and fester. A lot of this is probably from watching Nick manage Serilog; the issue lists and PR queues are reasonable there despite insane usage numbers)
Also, as I discovered just now, just updating the tool dep doesnt begin to solve anything as:
MSBuildParams = { c.MSBuildParams with DisableInternalBinLog = true }
)If it was solely my project, I guess I'd consider turning off dependabot's tool checking entirely (though having said that, if there was e.g. a GHA reference that fixed a security issue is a build pipeline, I'd like to hear about it...)
Bumps fake-cli from 5.23.1 to 6.0.0.
Release notes
Sourced from fake-cli's releases.
Changelog
Sourced from fake-cli's changelog.
Commits
40dfff0
Merge pull request #2732 from FoothillSolutions/masterd4fbede
site fixes and release notes.8dbf221
Merge pull request #2727 from fsprojects/bump-version-to-6.0.0-beta001ebba263
Bump version to 6.0.0-beta00127bedef
6.0.0-beta001 release notes10f79f8
Merge pull request #2724 from FoothillSolutions/master832e9f1
Merge pull request #2716 from FoothillSolutions/27094b53a2d
Merge pull request #2720 from gdziadkiewicz/Add_paket_push_ignoreConflicts7531ac8
Add test for new ignoreConflicts parameter.449e99d
Add ignoreConflicts parameter to paket pushDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show