Skip to content
Search

DEV Community

Pacharapol Withayasakpunt
Pacharapol Withayasakpunt

Posted on

 

Automated Pull Requests, to merge or not?

#security #discuss

How do I review PR before merging, and what are the implications of merging?

Even if I merge, it should probably be easy to rollback?

Also, instead of sending hundreds of emails and notifications, before of one damn library (lodash, actually), please send only one summary. But for PRs, I guess it cannot be helped.

Bump lodash from 4.17.15 to 4.17.19

lodash suggestion

This is just wrong. I never use lodash either ways. (Actually, can't you scan package.json?) I can use resolutions, but it is very yarn-specific.

Top comments (1)

Collapse
 
lexlohr profile image
Alex Lohr

I think the way to go is first build a testing pipeline that will catch all errors from changes of external dependencies. Then merge them automatically after all tests are green.

DEV Community

Timeless DEV post...

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It's not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I'm talking about Git and version control of course.

One does not simply learn git

Read next

d_inventor profile image

I made inline styles CSP-compliant in .NET 6+. Here's how

Dennis -

grahamthedev profile image

AI and Ethics [Chapter 1]

GrahamTheDev -

mariamarsh profile image

What is it like to be a developer? (in gifs) 🗿

Maria 🍦 Marshmallow -

alvaromontoro profile image

My First Bug

Alvaro Montoro -