Repo: Set up Renovate
JoshuaKGoldberg opened this issue · comments
Tooling Suggestion Checklist
- I have tried restarting my IDE and the issue persists.
- I have pulled the latest `master` branch of the repository.
- I have read and agree to Mocha's Code of Conduct and Contributing Guidelines
- I have searched for related issues and issues with the `faq` label, but none matched my issue.
- I want to provide a PR to resolve this
Overview
There are quite a few issues on this repo right now tracking out-of-date packages. We're going to enable Renovate to automatically create PRs to update packages.
Notes from @boneskull:
Looks reasonable. The only thing I'd suggest with the automated tooling (something like Renovate, yeah?) is to have a human in the loop for production dependency upgrades—check them closely. Mocha has been bitten several times due to semver violations in its dependency tree. I would also recommend using https://socket.dev/ as well (should be free for OSS). While Mocha hasn't been hit by a malicious dep (to my knowledge), historical performance is not a guarantee of future results.
Additional Info
No response
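
One way to express the "human in the loop for production dependency upgrades" suggestion above in Renovate configuration. This is an added example, not part of the issue and not Mocha's actual Renovate configuration; the label names and the 7-day release age are assumptions.

```json5
// renovate.json5 (constructed example, not the project's own file)
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  // The recommended preset enables the Dependency Dashboard issue,
  // which the approval rule below relies on.
  extends: ["config:recommended"],

  // Nothing merges without a maintainer, whatever a preset might enable.
  automerge: false,

  packageRules: [
    {
      // Entries under "dependencies" in package.json ship to users.
      matchDepTypes: ["dependencies"],
      // Renovate lists the update on the dashboard and opens a PR only
      // after a maintainer ticks its checkbox there.
      dependencyDashboardApproval: true,
      // Assumption: hold back freshly published versions for a week so a
      // bad or mis-versioned release has time to be reported upstream.
      minimumReleaseAge: "7 days",
      // Hypothetical label so reviewers can filter for these PRs.
      labels: ["production-dependency"],
    },
    {
      // Tooling-only updates still get a PR and a review, but without the
      // extra approval step.
      matchDepTypes: ["devDependencies"],
      // Hypothetical label.
      labels: ["dev-dependency"],
    },
  ],
}
```

With this in place, a production update still has to pass the project's normal PR review after it is approved on the dashboard; the approval step only controls whether the PR is opened at all.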