File tree 2 files changed +16
-0
lines changed
2 files changed +16
-0
lines changed Original file line number Diff line number Diff line change @@ -127,6 +127,11 @@ for the change.
127127
128128Approval must be from collaborators who are not authors of the change.
129129
130+ Ideally pull requests for dependencies should be generated by automation.
131+ Pay special attention to pull requests for dependencies which have not
132+ been automatically generated and follow the guidance in
133+ [ Maintaining Dependencies] ( https://github.com/nodejs/node/blob/main/doc/contributing/maintaining/maintaining-dependencies.md#updating-dependencies ) .
134+
130135In some cases, it might be necessary to summon a GitHub team to a pull request
131136for review by @-mention.
132137See [ Who to CC in the issue tracker] ( #who-to-cc-in-the-issue-tracker ) .
Original file line number Diff line number Diff line change @@ -142,6 +142,17 @@ the corresponding script in `tools/update-deps`.
142142[ npm-cli-bot] ( https://github.com/npm/cli/blob/latest/.github/workflows/create-node-pr.yml )
143143takes care of npm update, it is maintained by the npm team.
144144
145+ PRs for manual dependency updates should only be accepted if
146+ the update cannot be generated by the automated tooling,
147+ the reason is clearly documented and either the PR is
148+ reviewed in detail or it is from an existing collaborator.
149+
150+ In general updates to dependencies should only be accepted
151+ if they have already landed in the upstream. The TSC may
152+ grant an exception on a case-by-case basis. This avoids
153+ the project having to float patches for a long time and
154+ ensures that tooling can generate updates automatically.
155+
145156## Dependency list
146157
147158### acorn
You can’t perform that action at this time.
0 commit comments