- Keep all the dependencies outside the repository.
- Avoid using suspicious, unknown dependencies as they may introduce vulnerabilities.
- Use go mod as dependency manager.
- Run `go mod tidy` before sending any changes.
- Use only official releases, avoid using master versions.
- Use npm as package manager.
- Run `npm ci` after checking out the repository to install dependencies.
- Dependabot updates packages by creating pull requests for the new releases of used packages. Its pull requests are marked with the `area/dependency` label.
- Update `package-lock.json` before sending any changes.
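
One way to check the "official releases only" rule for Go modules before sending a change. This is an added example, not code from the Kubernetes Dashboard project. It assumes that a Go pseudo-version (a pin to a commit rather than a tag) is the marker for a non-release dependency; the function name, module paths and sample `go.mod` are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// pseudoVersion matches Go pseudo-versions such as v0.0.0-20190301120000-0123456789ab.
var pseudoVersion = regexp.MustCompile(`^v[0-9]+\.(0\.0-|\d+\.\d+-([^+]*\.)?0\.)\d{14}-[A-Za-z0-9]+(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$`)

// UnreleasedRequires (hypothetical helper) returns "module version" for every
// requirement in the go.mod text that is pinned to a commit instead of a tag.
func UnreleasedRequires(goMod string) []string {
	var flagged []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:] // "require path version" or "require ("
		} else if !inBlock {
			continue // module, go, replace and exclude directives are ignored
		}
		if len(f) == 1 {
			inBlock = f[0] == "(" // "(" opens a require block, ")" closes it
		} else if len(f) == 2 && pseudoVersion.MatchString(f[1]) {
			flagged = append(flagged, f[0]+" "+f[1])
		}
	}
	return flagged
}

// sampleGoMod is constructed for this example; the module paths are placeholders.
const sampleGoMod = `module example.com/app
require (
	example.com/released v1.4.2
	example.com/frommaster v0.0.0-20190301120000-0123456789ab // indirect
	example.com/prerelease v1.2.4-0.20190215101500-abcdef012345
)
require example.com/single v2.0.0+incompatible
`

func main() {
	fmt.Println(strings.Join(UnreleasedRequires(sampleGoMod), "\n"))
}
```
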
Copyright 2019 The Kubernetes Dashboard Authors