Dependabot is now running on vanilla/vanilla
I finally figured out how to properly configure dependabot and am trying it out on vanilla/vanilla for our PHP dependencies. Expect to see some pull requests like this one.
If you want to enable it for our javascript dependencies, you can make a PR to the config file @Adam Charron. I recommend doing a manual update first though.
1
Comments
-
Not sure if I'd trust to properly update our lockfiles. Unfortunately as long as we're on yarn 1.x, our workspace's lockfile includes stuff from other repos (knowledge, analytics, internal).
It will very likely regenerate the lockfiles and remove those dependencies.
1