I think the version difference is not the main point and was a bad example. I
had bumped the version within minutes before that PR.
I don’t mind if Dependabot's service is on, but usually, I will rebuild the
file myself and skip the Dependabot PRs.
I find their PRs submission a little
In this case the package-lock was out of sync with the package.json (it had
v6.x.x while package.json had 7.x.x), so if we have more packages with the
same problem we should fix them.
But if the package-lock is ok, then I think we can just merge the
dependabot PRs, what’s the advantage of having
Hi Team,
Just curious on other thoughts on Dependabot now that Apache enabled
them across the repos. Do we review and merge them as is? Should we
build PRs like https://github.com/apache/cordova-js/pull/255 to
regenerate package-lock which will result in dependent bot to close
their PRs.
jcesarmobile commented on PR #16:
URL:
https://github.com/apache/cordova-apache-board-reports/pull/16#issuecomment-1148479486
Maybe mention the removal of one PMC member on the community changes section?
And the deprecation of cordova-osx?
--
This is an automated message from the