Run dependabot against main branch and also update node packages #307
Conversation
To avoid failures when there is no develop branch and issues where dependabot analyses the main branch, but then tries to open a PR against develop, which maybe is already updated. This should also help to resolve security findings in node packages.
|
Hi @dbast, I do not follow the "To avoid failures when there is no develop branch", we do all development against that branch in order to keep main as the latest released version, in case users where coming to the repo directly, which was happening a lot in the past |
|
@goanpeca Dependabot is currently failing as after the merge to main the develop branch was deleted (by accident?). We have to do a minor release after each merge to main and stop using the develop branch ... that avoids confused users and brings security related updates without delay to the main branch... Dependabot always analyses the default branch... then doing updates against a different branch (develop), which was maybe heavily updated, is very problematic (if that works at all) and no other action repo develops like that! |
Well it should not have been deleted, 🙃 need to restore it |
|
restoring it is easy.. thats not the problem... see the other arguments. |
|
Let's chat over at Element please, I think there is a misunderstanding of how the contribution process works |
To avoid failures when there is no develop branch and issues where dependabot analyses the main branch, but then tries to open a PR against develop, which maybe is already updated.
This should also help to resolve security findings in node packages.