Configure Dependabot to update all RubyGems #289
Merged
Commits on Nov 16, 2023
-
Configure Dependabot to update all RubyGems
By default Dependabot only monitors direct dependencies (those specified in the Gemfile) for updates. It appears to use `bundle update <dependency>` under the hood, which means that a Dependabot PR to update <dependency> can also include updates to sub-dependencies. This makes it harder to review because the PR will only include the Changelog of <dependency> and not of the sub-dependencies. My hope is that by configuring Dependabot to monitor direct and indirect (sub) dependencies[1] we'll end up with more, smaller/easier to review, PRs. I think the same change[2] has been working reasonably well in Signon and thought it was worth bringing gds-sso into line. [1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow [2]: alphagov/signon#2382
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.