Setup depfu to keep dependencies up to date #255
Comments
|
Hey @bumi thanks for this and the PR. My attitude about dependencies is to try and only upgrade them for security vulnerabilities (Which I had Snyk setup to monitor, but it looks like I've fallen behind on a few) or if there's a particular bugfix or feature from a new version I find I need. Were there any particular packages you felt would be worth upgrading for new features (e.g. antd) or were you hoping to just keep all of them up to date? |
|
ah I see. I was just trying to keep them up to date as I feel it gets harder to update the more out of date they are. And at some point older versions also don't get security updates anymore. |
Merged
|
We're all up to date now and I'm gonna keep dependabot going for important updates. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently quite some dependencies need to be updated. I've tried to start doing that manually but it is quite a hassle. Maybe we can setup depfu to keep them up to date.
Depfu creates PRs for each dependency which makes it easy to review them step by step. Depfu can also create PRs for out-of-spec dependencies to keep those updated even outside of the specified constraints.
To test how it works for joule I've added it to my fork
The text was updated successfully, but these errors were encountered: