Manual dependabot run: check and upgrade #12787
Comments
Hi, I'd like to pick this up, but is there a list of dependencies you wish to prioritise? @rvagg
@iyiola-dev yesterday we merged a change that now checks for strict dependency versions unless there is an "ignore" directive in a comment in go.mod next to that dependency. One stood out to me as being able to be upgraded from untagged to tagged: github.com/hannahhoward/go-pubsub - this would be a good start. Other than that, probably just go down go.mod and find one that has updates and try to update it. I'd suggest finding dependencies with fewer uses just to minimise the likelihood of there being problems upgrading it. You could easily check the amount of usage with a
Running at least one integration test would be a good next step before committing and proposing the change via a pull request. I think this might be a good one to try: We can do them individually or in small groups if they come logically together. Best if we consider them somewhat separately to identify problems as we go. We are also going to want to do some quick investigation of what's changed in the versions between (like dependabot gives you a commit log), so if you can help us by linking to a change set of commits that would be very helpful too. I know this is sometimes hard to come by if they're not on GitHub.
Hey @iyiola-dev. Is this still a ticket that you want to pick up?
I'd like to get dependabot in here eventually, maybe with a very slow cadence, but at least we should be getting the option to upgrade things and not let them rot and surprise us.
The first step is to actually upgrade some dependencies. We have a lot that are out of date.
I'm making this a "good first issue" because the task isn't to audit all dependencies, just chip away at them. A PR for a single upgrade would be good enough. We probably don't even want a lot of upgrades in a single PR, let's consider them individually. So if you'd like to help with this: work through the dependencies and find out which ones have updates and then upgrade one and see if everything compiles and still works; then open a PR and let's find out!