search

kumahq / kuma-gui

🐻 A GUI built on Vue.js for use with Kuma.
https://kuma.io/
Apache License 2.0
38 stars 20 forks source link

deps: re-evaluate new approach to automatic dependency updates #2641

Open johncowen opened 1 month ago

johncowen commented 1 month ago

Description

We recently changed our dependabot update approach in https://github.com/kumahq/kuma-gui/pull/2640

This change should stop dependabot editing our package file, but still lets dependabot change our lock file.

Importantly, this means we control the range of versions we have in our application, and more specifically allows us to say "never automatically update a to a possibly breaking version".

Dependabot should still be able to automatically update non-breaking changes, such as minors and patch/bugfixes

This issue will act as a nudge to come back and re-evaluate in a month or so whether this new approach is better than the previous approach. If it is we can just close this issue.

I'm going to fill this out with related issues and more explanation shortly (within a few days)

lobkovilya commented 1 month ago

Triage: when it's stale, please return back to pending.