Bump tsd from 0.30.2 to 0.30.3 #356
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [tsd](https://github.com/tsdjs/tsd) from 0.30.2 to 0.30.3. - [Release notes](https://github.com/tsdjs/tsd/releases) - [Commits](tsdjs/tsd@v0.30.2...v0.30.3) --- updated-dependencies: - dependency-name: tsd dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
|
@jonkoops can we reduce this to
|
The lockfile needs to be updated whenever dependencies are updated, so I am not sure what you mean here. I can configure Dependabot to only run updates once a week, if that is what you prefer.
So you want to always create PRs for major versions? It's possible, I think by specifying a separate range, but we might as well do it once a week, should be no harm in that. Personally, I don't particularly care, I'll just merge them as they come along, but let me know what you prefer. |
Yes, but the reverse isn't true. Dependency version ranges don't need to be updated for the lock file to be updated. The end result is, you only need additional pull requests for major version changes, as minor version changes are captured when you update your lock file, assuming you used a This results in - what should be non-breaking changes - accumulated in one pull request, and breaking changes ready to review in separate pull requests. |
Ahh, yeah that makes sense indeed. It's always good to regenerate the lockfile every once and a while. Unfortunately, I don't believe Dependabot has this functionality, it can be configured to only update the lockfile for the dependencies listed in the package, but it will not update other dependencies in the lockfile. Personally, I also prefer Renovate, but it requires admin access to add it to the repository, so I just went the path of least resistance and configured Dependabot instead. If you, or @JedWatson can install the Renovate app, we can use it instead.
Yeah this is true. I like having both the lockfile and the package be on the latest versions (even if it's a range), hence I configured Dependabot to bump both versions. Either way, this is just a personal preference, and has no functional impact. If you like we can set up Renovate in a similar manner as your example configuration. |
Bumps tsd from 0.30.2 to 0.30.3.
Release notes
Sourced from tsd's releases.
Commits
bb28db10.30.36896a11Add code 2561 to known errors (#205)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)