Goals
Please describe briefly the intended purpose of the change and the rationale behind it:
[ ] Notify developers of outdated dependencies after a release is created, so the next one can include an updated version
Roadmap
Please list the exact steps needed to implement the change here, in as much detail as you see fit:
[ ] Create a check-outdated-dependencies workflow that runs npm outdated on release (tag)
Personal Notes
I don't want to use Dependabot for this since it spams the repository with issues/commits. Instead, it seems more reasonable to notify developers of outdated dependencies frequently, but not constantly, to avoid getting stuck in a perpetual update loop.
In practice (i.e., later), releases should be frequent enough to make sure no urgent updates are missed. Additionally, we have CodeQL that's scheduled to run once per week, and a separate built-in Dependabot alert for critical security updates (that doesn't spam the repository unless it's actually important).
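One way to implement the roadmap item, as an added example rather than this repository's own workflow: it runs `npm outdated` when a release tag is pushed and reports the result without failing the release. The `v*` tag pattern, the Node version, the presence of a `package-lock.json`, and reporting through the job summary plus a warning annotation are assumptions.

```yaml
# .github/workflows/check-outdated-dependencies.yml (name taken from the roadmap item)
name: check-outdated-dependencies

on:
  push:
    tags:
      - "v*"   # assumption: releases are tagged like v1.2.3

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  npm-outdated:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      - uses: actions/setup-node@v4
        with:
          node-version: 20   # assumption: match the project's Node version

      # Install exactly what the lockfile pins, without running package
      # lifecycle scripts, so the "current" column reflects the release.
      - name: Install dependencies
        run: npm ci --ignore-scripts

      - name: Report outdated dependencies
        run: |
          # npm outdated exits non-zero when packages are outdated;
          # that is a finding to report, not a reason to fail the release.
          npm outdated --long > outdated.txt || true
          if [ -s outdated.txt ]; then
            {
              echo "### Outdated dependencies at ${GITHUB_REF_NAME}"
              echo '~~~'
              cat outdated.txt
              echo '~~~'
            } >> "$GITHUB_STEP_SUMMARY"
            echo "::warning title=Outdated dependencies::See the job summary for the list."
          else
            echo "All dependencies are current at ${GITHUB_REF_NAME}." >> "$GITHUB_STEP_SUMMARY"
          fi
```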