-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
39 additions
and
0 deletions.
There are no files selected for viewing
39 changes: 39 additions & 0 deletions
39
art-decisions/proposals/2023-03-08-automated-dependency-updates.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| # Automated dependency updates | ||
|
|
||
| Renovate applied to all current and future projects in the arcalot GitHub org | ||
|
|
||
| ## Voting Period | ||
|
|
||
| The voting period for this proposal will be open for 10 days from its submission. | ||
|
|
||
| ## Benefits | ||
|
|
||
| Renovate is a tool that automates dependency updates in your repository by opening pull requests for you. Here are some of the benefits of using Renovate: | ||
|
|
||
| 1. Save time and effort: Manually updating dependencies can be time-consuming and error-prone, especially if you have many repositories to maintain. Renovate automates the process by automatically checking for updates and opening pull requests, saving you time and effort. | ||
|
|
||
| 2. Keep dependencies up-to-date: Keeping dependencies up-to-date is important to ensure that your code is secure, reliable, and compatible with the latest technologies. Renovate helps you stay up-to-date by regularly checking for updates and opening pull requests to update dependencies. | ||
|
|
||
| 3. Reduce security risks: Outdated dependencies can pose security risks, as they may contain known vulnerabilities that can be exploited by attackers. Renovate helps you reduce security risks by automatically updating your dependencies to their latest secure versions. | ||
|
|
||
| 4. Improve stability and performance: Updating dependencies can improve the stability and performance of your code. Renovate helps you stay up-to-date with the latest versions of your dependencies, which can help you identify and fix bugs, and improve the performance of your code. | ||
|
|
||
| 5. Customizable configurations: Renovate offers customizable configurations that allow you to tailor the tool to your specific needs. You can customize update schedules, branch names, and other settings to fit your workflow. | ||
|
|
||
| Overall, Renovate can help you save time and effort, improve the security, stability, and performance of your code, and customize the tool to fit your specific needs. | ||
|
|
||
| ## Drawbacks | ||
|
|
||
| While Renovate can be a powerful tool for automating dependency updates, there are a few potential drawbacks to consider: | ||
|
|
||
| 1. Pull request overload: Renovate can generate a large number of pull requests, especially if you have many repositories or dependencies. This can create a lot of noise in your pull request feed and may require additional effort to manage. | ||
|
|
||
| 2. False positives: Renovate may sometimes generate pull requests for updates that don't actually improve your dependencies or may introduce new issues. This can create additional work and may require manual intervention to resolve. | ||
|
|
||
| 3. Configurability complexity: While Renovate offers a lot of configuration options, this can also make it more complex to set up and manage than other dependency update tools. | ||
|
|
||
| 4. Limited control over updates: Renovate automates the update process, but you may not have full control over which updates are applied to your dependencies. This can be a concern if you need to ensure strict compatibility or stability with certain packages or versions. | ||
|
|
||
| 5. Potential conflicts with other automation: If you have other automation tools or processes in place that also manage dependency updates, Renovate may conflict with them and create additional work or confusion. | ||
|
|
||
| Overall, the benefits of using Renovate may outweigh these potential drawbacks, but it's important to consider these factors and weigh them against your specific use case and needs. |