How do I review PR before merging, and what are the implications of merging?
Even if I merge, it should probably be easy to rollback?
Also, instead of sending hundreds of emails and notifications, before of one damn library (lodash, actually), please send only one summary. But for PRs, I guess it cannot be helped.
Bump lodash from 4.17.15 to 4.17.19
This is just wrong. I never use lodash either ways. (Actually, can't you scan
package.json?) I can use
resolutions, but it is very yarn-specific.
Top comments (1)
I think the way to go is first build a testing pipeline that will catch all errors from changes of external dependencies. Then merge them automatically after all tests are green.