Skip to content

[dependabot] disable for python and node#290

Merged
ryantm merged 1 commit intomainfrom
rtm-09-11-disable-dependabot-for-python-and-node
Sep 11, 2024
Merged

[dependabot] disable for python and node#290
ryantm merged 1 commit intomainfrom
rtm-09-11-disable-dependabot-for-python-and-node

Conversation

@ryantm
Copy link
Collaborator

@ryantm ryantm commented Sep 11, 2024

Why

  • We don't use python and node for upm, we use Go
  • We're getting reports we don't need to address on dependencies in our test suite.
  • It doesn't matter if there is an outdated or insecure dep in our test suite, since we aren't even running python or node code

What changed

  • Limit dependabot to 0 PRs in pip and npm ecosystems

Test plan

  • Stop seeing dependabot PRs for node and python

@ryantm
[dependabot] disable for python and node
d0a9bf0 
Why
===
* We don't use python and node for upm, we use Go
* We're getting reports we don't need to address on dependencies in
our test suite.
* It doesn't matter if there is an outdated or insecure dep in our
test suite, since we aren't even running python or node code

What changed
===
* Limit dependabot to 0 PRs in pip and npm ecosystems

Test plan
===
* Stop seeing dependabot PRs for node and python
@ryantm ryantm requested a review from a team as a code owner September 11, 2024 19:49
@ryantm ryantm requested review from blast-hardcheese and removed request for a team September 11, 2024 19:49
blast-hardcheese
blast-hardcheese reviewed Sep 11, 2024
View reviewed changes
.github/dependabot.yml
package-ecosystem: "npm"
schedule:
interval: "monthly"
open-pull-requests-limit: 0
Copy link
Contributor

@blast-hardcheese blast-hardcheese Sep 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this instead of just deleting the whole package-ecosystem block for the languages we don't care about?

Copy link
Collaborator Author

@ryantm ryantm Sep 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty sure dependabot is turned on org-wide so it was still doing updates without us even having this file.

blast-hardcheese
blast-hardcheese approved these changes Sep 11, 2024
View reviewed changes
Copy link
Contributor

@blast-hardcheese blast-hardcheese left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Either way is fine, thanks for fixing this!

@ryantm ryantm merged commit 9fdc39d into main Sep 11, 2024
@ryantm ryantm deleted the rtm-09-11-disable-dependabot-for-python-and-node branch September 11, 2024 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@blast-hardcheese blast-hardcheese blast-hardcheese approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ryantm @blast-hardcheese