Dependency Dashboard

[elastic-renovate-prod[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• [ ] Update dependency @elastic/charts to v66

Detected dependencies

npm

package.json

packages/docusaurus-theme/package.json

packages/eslint-plugin/package.json

packages/eui-docgen/package.json

packages/eui/package.json

- `@elastic/charts ^64.1.0`

packages/website/package.json

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository

[cee-chen]

@nickofthyme any idea what we should do with this issue or this PR? https://github.com/elastic/eui/pull/7946 👀

[nickofthyme]

Hey @cee-chen It's up to you.

So basically in the past this issue was the only way to control renovate and trigger stuck jobs. But now they have a web interface that makes this obsolete https://developer.mend.io.

That said, elastic is migrating renovate as We Chat™️ 😝, to a forked version for security. And that link no longer works as it did. I imagine there will be another link, they say it's sent to the repo owners but still tbd on that.

So for charts I imagine closing this when the migration blows over and we have the link to control it.

Also this issue will continue to open unless we remove the config that triggers the bot tot make it. So just removing the :disableDependencyDashboard from below.

https://github.com/elastic/eui/blob/8d0d8d0513546e99fb4ea166213b04188552a91f/renovate.json#L3

[nickofthyme]

So yeah, after discussing with the renovate czars the web interface is no longer a thing for now. They recommend using this issue here to control the renovate bot.

If you are really opposed to it, I haven't ever had to us it for eui, it just works. And it's only charts that is being updated. So I'd be fine removing it.

[cee-chen]

@nickofthyme I'm not sure I'm reading your comment correctly - Just to clarify, what's the path forward here?

1. Open a PR removing :disableDependencyDashboard from renovate.json (wouldn't we want this config to disable this issue though?)
2. Closing out this issue as-is(?)
3. Removing renovate completely(?)

[nickofthyme]

Hey @cee-chen ! So I'd say option 1, that would close this issue but keep updating new versions of charts.

But now that I think of it, why does eui not use renovate to update common dependencies? It has proven very useful in charts and kibana just to get a PR with all updated packages. Most times the minor/patch versions are a simple merge, though sometimes they require more effort and need to be deferred. If you were to invest more into renovate as an tool, I would suggest keeping this issue open to allow better control.

Happy to discuss offline/zoom if you'd like.

[cee-chen]

I believe we're actually using snyk for that? No idea why snyk over renovate though. CC @JasonStoltz

[JasonStoltz]

@nickofthyme Hey Nick, we set up Snyk to update our dependencies. Example here.

My assumption is that this is similar to what Renovate provides. I don't know if there's a standard or consideration for using Renovate vs Snyk, but for the moment, that is what we use.

[nickofthyme]

Ok that's fine with me, it sounds like they are attempting to settle on renovate as the standard, at least from the docs.

[cee-chen]

@nickofthyme 😅 do we need to do something else to stop the bot from reopening this?

[nickofthyme]

Nope that should be it. It should eventually close it itself.

[nickofthyme]

I'm over it 😞 this is why I love to hate on renovate, just strange things like this happening. I'd say leave it for a day and if it doesn't work just remove renovate altogether!

[cee-chen]

We've disabled renovate in https://github.com/elastic/eui/commit/c22685613b002add55c769e4534be91a2e85c9c8 and https://github.com/elastic/eui/pull/8009