Skip to content

Add dependabot for web dependencies #1882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

Add dependabot for web dependencies #1882

wants to merge 17 commits into from

Conversation

samfreund
Copy link
Member

Description

A decent chuck of the web dependencies for photon-client and the landing page are out of date. Instead of updating them by hand, we can use dependabot to update them automatically for us. This will also help us in the future, as we will get updates as new versions are released.

Meta

Merge checklist:

  • Pull Request title is short, imperative summary of proposed changes
  • The description documents the what and why
  • If this PR changes behavior or adds a feature, user documentation is updated
  • If this PR touches photon-serde, all messages have been regenerated and hashes have not changed unexpectedly
  • If this PR touches configuration, this is backwards compatible with settings back to v2024.3.1
  • If this PR addresses a bug, a regression test for it is added

@samfreund samfreund requested a review from a team as a code owner April 11, 2025 20:22
@mcm001
Copy link
Contributor

mcm001 commented Apr 11, 2025

Are you sure this is the correct place for this file?

[you] can edit the default dependabot.yml configuration file that GitHub creates for you in the /.github directory of your repository

https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide

@samfreund
Copy link
Member Author

Are you sure this is the correct place for this file?

[you] can edit the default dependabot.yml configuration file that GitHub creates for you in the /.github directory of your repository

https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide

Yea nope. Definetely not. I'm gonna be busy until 2100 prolly, but if someone else wants to fix it feel free.

@Gold856
Copy link
Contributor

Gold856 commented Apr 11, 2025

I'm not sure we're ready for this. We're still stuck on Vue 2.7 and I think a good chunk of dependencies are also tied down because of that. We may want to wait until someone does #885.

@samfreund
Copy link
Member Author

Yeah, probably. We can still use it for the landing site webpage tho.

@samfreund
Copy link
Member Author

And the docs.

@GrahamSH-LLK
Copy link

To be honest, I think the dependabot PR spam is more detrimental than positive

@samfreund
Copy link
Member Author

samfreund commented Apr 11, 2025
edited
Loading

To be honest, I think the dependabot PR spam is more detrimental than positive

If you want to be in charge of updating dependencies whenever new versions get released, we could do that too. Otherwise tho, it's better to use dependabot as it makes staying up to date a lot easier.

@samfreund samfreund added enhancement New feature or request website anything relating to https://photonvision.org labels Apr 14, 2025
@samfreund samfreund added the frontend Having to do with PhotonClient and its related items label Apr 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request frontend Having to do with PhotonClient and its related items website anything relating to https://photonvision.org
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@samfreund @mcm001 @Gold856 @GrahamSH-LLK