Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce dependabot pull requests for web_embedding/ng-flutter sample #1809

Closed
johnpryan opened this issue May 11, 2023 · 1 comment · Fixed by #1810 or #1817
Closed

Reduce dependabot pull requests for web_embedding/ng-flutter sample #1809

johnpryan opened this issue May 11, 2023 · 1 comment · Fixed by #1810 or #1817

Comments

@johnpryan
Copy link
Contributor

johnpryan commented May 11, 2023
edited
Loading

This sample is an angular app, and after #1774, we're getting too many pull requests

For example, when Angular 16.0.1 was released, we got these pull requests:

We could change the interval to "weekly" and look for other ways to reduce the number of PRs, such as update-types: ["version-update:semver-minor"] or setting allow to dependency-type: "direct".

cc: @ditman @domesticmouse
johnpryan added a commit that referenced this issue May 11, 2023
@johnpryan
Reduce dependabot pull requests for web_embedding
024a990 
fixes #1809
@johnpryan johnpryan mentioned this issue May 11, 2023
Merged
domesticmouse pushed a commit that referenced this issue May 11, 2023
@johnpryan
Reduce dependabot pull requests for web_embedding (#1810)
86640b6 
This configures dependabot to check for out-of-date NPM packages weekly
instead of daily, and limits it to direct dependencies. There could be
more we could do if we dig through the [Configuration options for the
dependabot.yml
file](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file)
documentation.

cc: @ditman 

fixes #1809
@ditman ditman mentioned this issue May 12, 2023
Merged
5 tasks
@ditman
Copy link
Member

ditman commented May 12, 2023
edited
Loading

We setup the "update-types" to ignore minor and patch versions in flutter/packages. I've sent a PR to mimic that configuration for ng-flutter, and hopefully reduce the amount of PRs coming from npm dependabot!!

domesticmouse pushed a commit that referenced this issue May 12, 2023
@ditman
[ci] Reduce npm update noise. (#1817)
3d783af 
Take only security and major version updates for the `ng-flutter`
sample.

(Similar to what's done
[here](https://github.com/flutter/packages/blob/main/.github/dependabot.yml#L33-L35))

## Issues

* Fixes #1809

_See [docs about the `update-types` dependabot
setting](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore)._

## Pre-launch Checklist

- [x] I read the [Flutter Style Guide] _recently_, and have followed its
advice.
- [x] I signed the [CLA].
- [x] I read the [Contributors Guide].
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] All existing and new tests are passing.

If you need help, consider asking for advice on the #hackers-devrel
channel on [Discord].

<!-- Links -->
[Flutter Style Guide]:
https://github.com/flutter/flutter/wiki/Style-guide-for-Flutter-repo
[CLA]: https://cla.developers.google.com/
[Discord]: https://github.com/flutter/flutter/wiki/Chat
[Contributors Guide]:
https://github.com/flutter/samples/blob/main/CONTRIBUTING.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@johnpryan @ditman