Add yarn dependabot checks #68
Open
This adds Dependabot checks for the yarn (i.e., Node) dependencies for the project. Since Propeller can (in principle) run in ClojureScript, there are JavaScript dependencies that probably need to be updated semi-regularly for security reasons. This adds an automated weekly check for out of date JavaScript dependencies, and will automatically create pull requests where there are updates that Dependabot thinks can be handled automatically.
We should at a minimum verify that the tests are passing before merging in a Dependabot PR, and given the incompleteness of the tests it would probably be good for someone to run a problem or two (in ClojureScript) as a sanity check to make sure things still work.
Actually, I'm not sure that there are any ClojureScript tests, so TBH I'm not sure what the best strategy is for determining if the ClojureScript version of the project is broken.