[dependabot] disable for python and node #290

Merged
merged 1 commit into from
Sep 11, 2024

ryantm
Collaborator

@ryantm ryantm commented Sep 11, 2024

Why

  • We don't use python and node for upm, we use Go
  • We're getting reports we don't need to address on dependencies in our test suite.
  • It doesn't matter if there is an outdated or insecure dep in our test suite, since we aren't even running python or node code

What changed

  • Limit dependabot to 0 PRs in pip and npm ecosystems

Test plan

  • Stop seeing dependabot PRs for node and python

@ryantm ryantm requested a review from a team as a code owner September 11, 2024 19:49
@ryantm ryantm requested review from blast-hardcheese and removed request for a team September 11, 2024 19:49
@@ -6,11 +6,13 @@ updates:
package-ecosystem: "npm"
schedule:
interval: "monthly"
open-pull-requests-limit: 0
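
Review bot: On the `open-pull-requests-limit: 0` line under `package-ecosystem: "npm"`, the limit only stops Dependabot version-update pull requests; security updates are not governed by this option and can still be opened against the test-suite dependencies. If the unwanted reports include security updates, those have to be handled through the repository's Dependabot security updates setting rather than this file. A short YAML comment beside the `0` noting that the npm files are test fixtures that are never executed would also keep a later reader from raising the limit again.
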
Collaborator

why this instead of just deleting the whole package-ecosystem block for the languages we don't care about?

Collaborator Author

I'm pretty sure dependabot is turned on org-wide so it was still doing updates without us even having this file.

Collaborator

@blast-hardcheese blast-hardcheese left a comment

Either way is fine, thanks for fixing this!

@ryantm ryantm merged commit 9fdc39d into main Sep 11, 2024
3 checks passed
@ryantm ryantm deleted the rtm-09-11-disable-dependabot-for-python-and-node branch September 11, 2024 20:41