Closed ripecosta closed 3 months ago
Codecov by Sentry report: all modified and coverable lines are covered by tests.
Project coverage is 95.35%. Comparing base (168c8d5) to head (1747199). Report is 60 commits behind head on master.
Thank you for the detailed explanation!
Why am I submitting this PR

Explicitly set Dependabot's `versioning-strategy` to `increase` (docs) to avoid the default behaviour of widening the allowed version or updating the lockfile only.

The issue this is trying to solve
The default Dependabot behaviour is to either widen the version constraint (example: `^8.0.0` becomes `^8.0.0 || ^9.0.0`) or update the lockfile only. In both cases the repo's lockfile gets updated but doesn't force a dependency update downstream. This means that while this repo is testing against the latest version of a given dependency, the projects using it might be using a version of the same dependency that's much older. This can become an issue in situations where this repo uses a feature that's only available in the newer version of the dependency (or a feature that's had a significant update to its behaviour in the newer version). Tests would pass just fine but downstream projects would crash, and these issues are often hard to debug.

How it solved the issue
Dependabot's versioning strategy ensures that the version in the package.json is also updated, which means that when a new release is made that includes an update, the downstream projects force an update of that dependency as well. This keeps the repo's versions and the downstream versions in sync, and catches dependency mismatch issues early.
Does it fix an existing ticket?

No

Checklist

`yarn test` (see details here)
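As an added illustration of the setting this PR description talks about (this is not the PR's own diff), here is a `.github/dependabot.yml` for the npm ecosystem with `versioning-strategy` set explicitly to `increase`. The `package-ecosystem`, `directory` and `schedule` values are assumed placeholders for a package managed with yarn; the comments spell out what the `widen` and `lockfile-only` alternatives, the default behaviours the PR is avoiding, would do instead.

```yaml
# .github/dependabot.yml (added example; not the diff from this PR)
version: 2
updates:
  - package-ecosystem: "npm"   # assumed: a JS/TS package managed with yarn/npm
    directory: "/"             # assumed: package.json lives at the repo root
    schedule:
      interval: "weekly"       # assumed cadence; any supported interval works
    # Bump the range in package.json itself, e.g. ^8.0.0 -> ^9.0.0, so the
    # published package's declared dependency range moves with the lockfile.
    # Alternatives the PR description warns about:
    #   widen         -> ^8.0.0 becomes ^8.0.0 || ^9.0.0; downstream can stay on 8.x
    #   lockfile-only -> only yarn.lock changes; the package.json range is untouched
    versioning-strategy: increase
```

With `increase`, the version of a dependency that CI tested against is also the minimum that consumers resolve when they install the next release, so a behaviour change (or a security fix) in that dependency reaches downstream projects together with the code that relies on it, instead of silently depending on whatever older version each consumer's own lockfile still pins.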