
[INFRA] Reviewing Dependabot updates is time consuming - Find alternatives #668

@tbouffard


This project declares a lot of dependencies (most of them are dev dependencies), and reviewing the PRs created by Dependabot takes too much time.
For instance, today, here is the list of PRs Dependabot would like to create (we allow Dependabot to open 2 PRs at a given time).
The preview is not deployed on Dependabot PRs, so manual tests must be done.

updater | +----------------------------------------------------------------------+
updater | |                 Changes to Dependabot Pull Requests                  |
updater | +---------+------------------------------------------------------------+
updater | | created | gatsby ( from 4.21.1 to 4.22.0 )                           |
updater | | created | gatsby-plugin-manifest ( from 4.21.0 to 4.22.0 )           |
updater | | created | gatsby-transformer-remark ( from 5.21.0 to 5.22.0 )        |
updater | | created | gatsby-plugin-typescript ( from 4.21.0 to 4.22.0 )         |
updater | | created | @emotion/react ( from 11.10.0 to 11.10.4 )                 |
updater | | created | @typescript-eslint/eslint-plugin ( from 5.36.0 to 5.36.1 ) |
updater | | created | @typescript-eslint/parser ( from 5.36.0 to 5.36.1 )        |
updater | | created | @emotion/styled ( from 11.10.0 to 11.10.4 )                |
updater | | created | @fortawesome/fontawesome-svg-core ( from 6.1.2 to 6.2.0 )  |
updater | | created | gatsby-plugin-sitemap ( from 5.21.0 to 5.22.0 )            |
updater | | created | @mui/material ( from 5.10.1 to 5.10.3 )                    |
updater | | created | gatsby-remark-responsive-iframe ( from 5.21.0 to 5.22.0 )  |
updater | | created | @fortawesome/free-solid-svg-icons ( from 6.1.2 to 6.2.0 )  |
updater | | created | @fortawesome/free-brands-svg-icons ( from 6.1.2 to 6.2.0 ) |
updater | | created | gatsby-plugin-google-gtag ( from 4.21.0 to 4.22.0 )        |
updater | | created | gatsby-plugin-mdx ( from 3.20.0 to 4.1.0 )                 |
updater | | created | @mui/icons-material ( from 5.8.4 to 5.10.3 )               |
updater | | created | gatsby-plugin-styled-components ( from 5.21.0 to 5.22.0 )  |
updater | | created | @types/react ( from 18.0.17 to 18.0.18 )                   |
updater | +---------+------------------------------------------------------------+

Proposal

Use a tool like Renovate that is able to update several dependencies at the same time.
Note that Dependabot recently introduced a way to group dependency updates: github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta
See also
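A sketch of what the grouped-updates option mentioned above could look like for the packages in the updater log. This is an added example, not this repository's configuration and not written by the issue author; the `directory`, the `schedule` and the group names are assumptions, and only the limit of 2 open PRs comes from the issue text.

```yaml
# .github/dependabot.yml (illustrative; directory, schedule and group names are assumed)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"              # assumption: package.json at the repository root
    schedule:
      interval: "weekly"        # assumption: the issue does not state the schedule
    open-pull-requests-limit: 2 # from the issue: 2 Dependabot PRs open at a time
    groups:
      # One PR for gatsby and its plugins, limited to minor/patch bumps.
      # A major bump such as gatsby-plugin-mdx 3.20.0 -> 4.1.0 stays out of
      # the group and gets its own PR, so it can be reviewed separately.
      gatsby:
        patterns:
          - "gatsby"
          - "gatsby-*"
        update-types:
          - "minor"
          - "patch"
      # UI libraries that release their packages together.
      fortawesome:
        patterns:
          - "@fortawesome/*"
      mui-emotion:
        patterns:
          - "@mui/*"
          - "@emotion/*"
      # Lint tooling: plugin and parser are released in lockstep.
      typescript-eslint:
        patterns:
          - "@typescript-eslint/*"
```

With these groups, the 19 updates in the log above would collapse into a handful of PRs: one per group, plus individual PRs for ungrouped packages such as `@types/react` and for the major bump of `gatsby-plugin-mdx`.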


Labels: chore (Build, CI/CD or repository tasks: issues/PR maintenance, environments, ...)
