Is there a way to hide dependabot commits in the history of a repo?
from pe1uca@lemmy.pe1uca.dev to programming@programming.dev on 25 Oct 2024 10:26
https://lemmy.pe1uca.dev/post/1810633

I’m trying to see how active a project is, but dependabot spam makes it annoying to find actual commits and to know if those commits are relevant.

There’s no need for me to know chai was updated from 5.1.1 to 5.1.2, I want to see what were the most recent actual features implemented.

#programming

threaded - newest

jmcs@discuss.tchncs.de on 25 Oct 2024 10:43 next collapse

You can use git log --author=REGEX_THAT_EXCLUDES_DEPENDABOT … .

pylapp@programming.dev on 25 Oct 2024 20:38 collapse

Nice idea 👍

pylapp@programming.dev on 25 Oct 2024 20:41 collapse

BTW I hope any project won’t increase the Z version only by including Dependabot commits, it would be insane. Release must be documented, tested, with CHANGELOG updated. If some maintainers just accept Dependabot commits without checking, move away. That’s just simple crappy auto-merge.

Kissaki@programming.dev on 26 Oct 2024 07:42 next collapse

Release must be documented

It’s not a must [unless you put it into a contract], it’s a should or would be nice

Many, if not most, projects don’t follow a good, obvious, transparent, documented release or change management.

I wish for it, too, but it’s not the reality of projects. Most people don’t seem to care about it as much as I do.

I agree blind acceptance/merging is problematic. But for some projects (small scope/size/personal-FOSS, trustworthy upstream) I see it as pragmatic rather than problematic.

kamstrup@programming.dev on 26 Oct 2024 08:40 collapse

Must include CHANGELOG…

The changelog:

  • misc fixes
  • pls work
  • fixe a typo