Configure Dependabot #1365
Conversation
@nathanhammond is attempting to deploy a commit to the Vercel Team on Vercel. A member of the Team first needs to authorize it.
This all seems fine, I just don't know what the implications of removing the ignore block are.
@@ -5,7 +5,31 @@ updates: | |||
directory: '/' | |||
schedule: | |||
interval: 'monthly' | |||
ignore: |
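Review bot: the entries under `ignore:` that this hunk drops, and the comment that explained why they were there, are not visible in the rendered context, so a reader of this hunk cannot tell what was being ignored or why removing it is safe. The discussion below establishes that the block covered Husky, which no longer appears in the lockfile; put that rationale in the PR description or the commit message so the removal stays auditable once the thread is gone. The header `@@ -5,7 +5,31 @@` also indicates roughly two dozen added lines that are not rendered here, so please check the full file view before approving on the basis of this excerpt.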
Is this safe to remove? The comment seems to indicate that it's there for some reason.
We're not using Husky anymore. It's nowhere to be found in our lockfile.
I'm sorry if this might be bringing a new question/problem to the table. However, I would like to suggest an alternative to Dependabot for monitoring dependencies, which is Renovate. It supports pnpm, Go Modules, and also pnpm-workspace. Hopefully, with Renovate, the process of bumping and monitoring dependencies can be performed fully by the bot.
@samnap11 Thanks for the pointer! Integrating Renovate is definitely something we could consider in the future. For now this is an intentionally targeted change which addresses our existing integration with Dependabot.
As an FYI: I had a similar experience but noticed some of the PRs were correct. The PRs that were correct didn't have the ie:
but PRs with just text like
updated all instances of commander in all of the project.json in sub-dir and the package-lock.json at the root of the project so maybe define the directory as
This PR configures Dependabot to monitor dependencies across all of our own packages. It does not attempt to set up Dependabot for our examples or our create-turbo templates. (I want to address that update separately.)

Note: Dependabot does not officially support pnpm (dependabot/dependabot-core#1736) and is not workspaces-friendly (dependabot/dependabot-core#4993). All Dependabot PRs for the npm ecosystem will require checking out, regenerating the lockfile, and pushing back to the branch.

I've configured checks to be monthly, which seems like a decent cadence to monitor things (and cluster everything to a few hours required to shepherd everything through).
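The PR description says every Dependabot PR for the npm ecosystem has to be checked out, have its lockfile regenerated, and be pushed back. The script below is an added example of that manual step as a repeatable, reviewable procedure; it is not code from this PR or from the turborepo project. It assumes a root pnpm-lock.yaml, that `pnpm install --lockfile-only` is available, and that the remote is named origin; the function and branch names are illustrative. It refuses to run on anything that is not a `dependabot/` branch, and `DRY_RUN=1` prints the planned commands instead of executing them, which is how a maintainer can review (or test) what it would do before letting it touch a branch.

```shell
#!/bin/sh
# Added example, not part of the turborepo PR. Regenerates the pnpm lockfile
# on a Dependabot branch and pushes it back, the step the PR description says
# each npm-ecosystem Dependabot PR currently needs.
# Assumptions (not from the page): pnpm-lock.yaml lives at the repo root,
# `pnpm install --lockfile-only` exists, and the remote is "origin".
set -eu

# run_cmd: execute a command, or only print it when DRY_RUN=1 so the whole
# procedure can be reviewed without touching git or pnpm.
run_cmd() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# dependabot_regen_lockfile BRANCH
# Only Dependabot-created branches are accepted, so the script cannot be
# pointed at main or a feature branch by mistake. Returns 2 on refusal.
dependabot_regen_lockfile() {
  branch="$1"
  case "$branch" in
    dependabot/*) ;;
    *) echo "refusing to touch non-Dependabot branch: $branch" >&2; return 2 ;;
  esac
  run_cmd git fetch origin "$branch"
  run_cmd git checkout "$branch"
  # --lockfile-only rewrites pnpm-lock.yaml from the package.json files
  # Dependabot already bumped, without writing node_modules.
  run_cmd pnpm install --lockfile-only
  run_cmd git add pnpm-lock.yaml
  run_cmd git commit -m "chore: regenerate pnpm lockfile for $branch"
  run_cmd git push origin "HEAD:$branch"
}

# Run only when executed directly as regen-lockfile.sh, not when sourced.
if [ "${0##*/}" = "regen-lockfile.sh" ]; then
  dependabot_regen_lockfile "${1:?usage: regen-lockfile.sh dependabot/<branch>}"
fi
```

Usage: `DRY_RUN=1 sh regen-lockfile.sh dependabot/npm_and_yarn/commander-9.0.0` prints the six commands it would run; drop `DRY_RUN` to execute them. The branch-name guard is the important design choice: a script that rewrites lockfiles and force-pushes is exactly the kind of helper that ends up run against the wrong branch, so it only accepts the prefix Dependabot itself uses.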