When doing some of the preliminary updates, it was found that using yarn upgrade for the upgrade was not updating the dependencies completely (subdependencies were not updated even if they could). In addition, the version was always updated to pinned.
Dependabot uses a more complex upgrade schema, and they have an API to update npm (and others) and create a PR with changelogs and release notes. Using that, we help to streamline the approach.
What's changing?
When doing some of the preliminary updates, it was found that using
yarn upgradefor the upgrade was not updating the dependencies completely (subdependencies were not updated even if they could). In addition, the version was always updated to pinned.Dependabot uses a more complex upgrade schema, and they have an API to update npm (and others) and create a PR with changelogs and release notes. Using that, we help to streamline the approach.
My original hope was that this could trigger a dependabot update through github's integration, but this is not supported: https://github.com/dependabot/dependabot-core/issues/2980.
Links