Skip to content
This repository was archived by the owner on Dec 11, 2019. It is now read-only.

Use greenkeeper to automatically keep npm deps up to date #1701

Closed
diracdeltas opened this issue May 12, 2016 · 7 comments
Closed

Use greenkeeper to automatically keep npm deps up to date #1701

diracdeltas opened this issue May 12, 2016 · 7 comments
Labels
dev-setup infrastructure open-in-brave-core priority/P4 Minor loss of function. Workaround usually present. security wontfix

Comments

@diracdeltas
Copy link
Member

https://greenkeeper.io/
@luixxiul luixxiul mentioned this issue May 13, 2016
Closed
@alexwykoff
Copy link
Contributor

alexwykoff commented Nov 9, 2016
edited
Loading

@bbondy @diracdeltas is this still an issue or will we end up switching to yarn?

@luixxiul luixxiul added the needs-info Another team member needs information from the PR/issue opener. label Dec 28, 2016
@luixxiul luixxiul mentioned this issue Mar 28, 2017
Closed
@luixxiul luixxiul mentioned this issue Apr 13, 2017
Closed
@luixxiul
Copy link
Contributor

luixxiul commented Oct 9, 2017

Greenkeeper 2 has been released since May.

https://blog.greenkeeper.io/greenkeeper-2-0-release-da8f8f476c88

Feature shortlist

💰 New entry-level pricing model:
Start with Greenkeeper from $25 for 10 private repos per month on organisations or just $1.50 per private repository for personal accounts.
🤖 Uses the new GitHub Integrations API.
🔇 Less noise: Fewer GitHub notifications.
✨ Support for npm shrinkwrap.
💪 More convenient and more flexible dependency update handling.
📌 Built-in dependency pinning, for when you just don’t have time to deal with a breaking change.
🔒 Native support for scoped and private npm modules.
💳 Better payment and billing user experience.
📰 Open product roadmap.

@diracdeltas
Copy link
Member Author

Greenkeeper is still useful in addition to yarn/package-lock for keeping dependencies up to date. right now npm outdated shows a lot of outdated dependencies.

@diracdeltas diracdeltas mentioned this issue Oct 9, 2017
Closed
@bsclifton
Copy link
Member

Without reliable tests, upgrading should only be limited to patch and minor versions, IMO. Even then, there would be some risk. Personally, I don't have enough confidence in our webdriver tests- I don't think we're ready to do this yet

@diracdeltas
Copy link
Member Author

I think that every N releases, we should update every dependency to latest stable version and lock that in package-lock, for some value of N. There should be enough time for manual testing to make sure things don't break in these releases.

@luixxiul
Copy link
Contributor

It should be nice if we have automated test suite with setting the environment variable process.env.NODE_ENV to the string value production to avoid a nasty bug which @bsclifton, @jonathansampson, and @kevinlawler have solved on #10029.

@diracdeltas diracdeltas added security dev-setup priority/P5 Cosmetic. Spelling, copy, layout. New features (which should also be part of an initiative). priority/P4 Minor loss of function. Workaround usually present. and removed needs-info Another team member needs information from the PR/issue opener. priority/P5 Cosmetic. Spelling, copy, layout. New features (which should also be part of an initiative). labels Oct 10, 2017
This was referenced Oct 11, 2017
Merged
Closed
@bsclifton bsclifton added this to the Triage Backlog milestone Nov 27, 2017
@bsclifton bsclifton mentioned this issue Aug 20, 2018
Closed
@bsclifton
Copy link
Member

Closing in favor of #1701

@bsclifton bsclifton removed this from the Triage Backlog milestone Aug 20, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
dev-setup infrastructure open-in-brave-core priority/P4 Minor loss of function. Workaround usually present. security wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@diracdeltas @alexwykoff @luixxiul @bsclifton