ppkarwasz commented on PR #367: URL: https://github.com/apache/logging-parent/pull/367#issuecomment-2799011452
> > transitive NPM dependencies will be upgraded only by Dependabot > > Does this mean Dependabot will try to upgrade hundreds of dependencies listed in `npm-shrinkwrap.json`? Yes, Dependabot will upgrade about a hundred NPM dependencies, but only once a month using a single PR. See https://github.com/apache/logging-parent/pull/367/commits/c1134f89b82bebdf40d2f90bd2f939083d0ef244. > > This is also suggested in the deploy-site-reusable workflow > > Doesn't this warrant a correction on `deploy-site-reusable.yaml` in this PR? I modified the key used for the Antora cache, so that only one cache per `logging-parent` version is used. We don't need more caches, since `node_modules` should only contain JavaScript files and the `node` folder does not need to be cached (Node is stored in the Maven local repository). See https://github.com/apache/logging-parent/pull/367/commits/b1f15b10d8a6d23949667c5b4028caa93b18fa12 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
