To Dependabot or to not Dependant

[AlexanderKaran]

I recently set up Dependabot to auto-bump versions; however, this causes a few issues:

• We want to track all major and minor versions. If three minor versions come out since Dependabot last ran, it skips to the latest and misses the other two. We need to track each version so we can compare metrics over time
• We need to group each app and starter. I have sort of fixed this with some complex grouping in Dependabot

I did start out with a GitHub action and am leaning that way again for version bumping, but wanted people's thoughts. Maybe this is not actually an issue, just let it run every day and merge each version bump?

Anyway keen to hear thoughts, options and solutions.

[43081j]

hmm so does that mean we need this kind of flow:

• framework releases 1.0.0
• we install, gather metrics, etc
• framework releases 1.1.0
• install, gather metrics
• etc

i.e. we have some regular schedule that runs regularly enough it catches most minors at least? and somewhere we keep the stats per version?

[AlexanderKaran]

@43081j 100%. Comparing stats across versions is one of the most amazing potentials of this project as well

[43081j]

yup in that case i think we probably do need our own update script 😬 just so we can be more specific on version bumps

unless we could maybe configure dependabot to only bump minors and majors?

either way i guess it needs to run often enough to catch most versions

[AlexanderKaran]

Will get that fixed up this week can't wait to see a framework over time compare graph