Skip to content

[TASK] Use fixed versions of the development dependencies #707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 5, 2024
Merged

[TASK] Use fixed versions of the development dependencies #707

merged 1 commit into from
Sep 5, 2024

Conversation

oliverklee
Copy link
Collaborator

We don't want to have sudden build failures when a new version of a development dependency gets released.

Instead, we'll keep having automatic Dependabot updates for our dependencies that will allow us to see the effects of each update before switchting to a new version of a dependency.

@oliverklee oliverklee added the dependencies Pull requests that update a dependency file label Sep 5, 2024
@oliverklee oliverklee self-assigned this Sep 5, 2024
@oliverklee
[TASK] Use fixed versions of the development dependencies
a44335e 
We don't want to have sudden build failures when a new version of
a development dependency gets released.

Instead, we'll keep having automatic Dependabot updates for our
dependencies that will allow us to see the effects of each
update before switchting to a new version of a dependency.
@oliverklee oliverklee force-pushed the task/fixed-dependencies branch from 41f89f8 to a44335e Compare September 5, 2024 12:14
JakeQZ
JakeQZ approved these changes Sep 5, 2024
View reviewed changes
Copy link
Collaborator

@JakeQZ JakeQZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, certainly updates to static analysis tools may detect additional issues, resulting in CI check failures.

Is Dependabot configured to check for updates to the tools installed with Composer, or does this still need to be done?

@JakeQZ JakeQZ merged commit 36ae13e into main Sep 5, 2024
21 checks passed
@JakeQZ JakeQZ deleted the task/fixed-dependencies branch September 5, 2024 15:43
@oliverklee
Copy link
Collaborator Author

Is Dependabot configured to check for updates to the tools installed with Composer,

Yes, it is, which results in PRs like #708.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JakeQZ JakeQZ JakeQZ approved these changes

@sabberworm sabberworm Awaiting requested review from sabberworm

Assignees

@oliverklee oliverklee

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
9.0.0: Drop support for PHP < 7.2 and...
Development

Successfully merging this pull request may close these issues.
2 participants
@oliverklee @JakeQZ