1·
22 hours agoexactly my point, I’d suggest automating that before I bothered with PRs that upgrade versions, as it’s a waste of time.
Eager Eagle
- 0 Posts
- 8 Comments
Joined 2 years ago
Cake day: July 7th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
“manual changes”, which connotes “local changes”
It doesn’t. Manual as in a PR with upgrades that you’re suggesting yourself, as opposed to running dependabot.
Putting up a PR with changes isn’t considered a manual anything.
If I have to open a PR myself, that’s very much a manual change.
that’s a lot of FUD, topgrade just upgrades using all package managers you have, it doesn’t do the upgrades itself bypassing the manager that installed it, or package authors.
dependabot is a tool for repos, not to apply local changes
That may work for a handful of projects. It’d be my full time job if I did it for everything I run. Also, I might simply suggest maintainers to adopt dependabot or an alternative before I spend time with manual changes. These things should be automated.
what’s the alternative? Write a PR yourself?
upgrade all things by default
I’ve been doing that for years. Rollbacks are very rare, to the point that it doesn’t make much of a difference whether I do them all at once or not, other than spending more time to do it.
If I wasn’t using containers for everything, sure. Otherwise it’s a bit of an excessive concern.