Graduated in Digital Media (M.Sc.), now developing the next generation of educational software. For a while now I have been developing full stack in JavaScript using Meteor. Love fitness and Muay Thai after work.
I like this automation of version bumps, but I'd really like to have it update the top-level dependant. In most cases the vulnerable packages are not the ones in the top level but x levels deep. However, by the time the fixes are available through the bots, they are often fixed in the top-level dependencies, so ultimately I will update them anyway next time. Does anyone have experience with configuring a bot to behave in this way?
Okay, I just realized that's actually exactly what Greenkeeper or david-dm do :-)