File tree 2 files changed +16
-0
lines changed
2 files changed +16
-0
lines changed Original file line number Diff line number Diff line change @@ -127,6 +127,11 @@ for the change.
127127
128128Approval must be from collaborators who are not authors of the change.
129129
130+ Ideally pull requests for dependencies should be generated by automation.
131+ Pay special attention to pull requests for dependencies which have not
132+ been automatically generated and follow the guidance in
133+ [ Maintaining Dependencies] ( https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-dependencies.md#updating-dependencies ) .
134+
130135In some cases, it might be necessary to summon a GitHub team to a pull request
131136for review by @-mention.
132137See [ Who to CC in the issue tracker] ( #who-to-cc-in-the-issue-tracker ) .
Original file line number Diff line number Diff line change @@ -144,6 +144,17 @@ the corresponding script in `tools/update-deps`.
144144[ npm-cli-bot] ( https://github.com/npm/cli/blob/latest/.github/workflows/create-node-pr.yml )
145145takes care of npm update, it is maintained by the npm team.
146146
147+ PRs for manual dependency updates should only be accepted if
148+ the update cannot be generated by the automated tooling,
149+ the reason is clearly documented and either the PR is
150+ reviewed in detail or it is from an existing collaborator.
151+
152+ In general updates to dependencies should only be accepted
153+ if they have already landed in the upstream. The TSC may
154+ grant an exception on a case-by-case basis. This avoids
155+ the project having to float patches for a long time and
156+ ensures that tooling can generate updates automatically.
157+
147158## Dependency list
148159
149160### acorn
You can’t perform that action at this time.
0 commit comments