This project declares a lot of dependencies (most of them are dev dependencies), reviewing PR created by Dependabot takes too much time.
For instance today, here is the list of PR dependabot would like to create (we allow Dependabot to open 2 PR at a given time).
The preview is not deployed on dependabot PR, so manual tests must be done.
updater | +----------------------------------------------------------------------+
updater | | Changes to Dependabot Pull Requests |
updater | +---------+------------------------------------------------------------+
updater | | created | gatsby ( from 4.21.1 to 4.22.0 ) |
updater | | created | gatsby-plugin-manifest ( from 4.21.0 to 4.22.0 ) |
updater | | created | gatsby-transformer-remark ( from 5.21.0 to 5.22.0 ) |
updater | | created | gatsby-plugin-typescript ( from 4.21.0 to 4.22.0 ) |
updater | | created | @emotion/react ( from 11.10.0 to 11.10.4 ) |
updater | | created | @typescript-eslint/eslint-plugin ( from 5.36.0 to 5.36.1 ) |
updater | | created | @typescript-eslint/parser ( from 5.36.0 to 5.36.1 ) |
updater | | created | @emotion/styled ( from 11.10.0 to 11.10.4 ) |
updater | | created | @fortawesome/fontawesome-svg-core ( from 6.1.2 to 6.2.0 ) |
updater | | created | gatsby-plugin-sitemap ( from 5.21.0 to 5.22.0 ) |
updater | | created | @mui/material ( from 5.10.1 to 5.10.3 ) |
updater | | created | gatsby-remark-responsive-iframe ( from 5.21.0 to 5.22.0 ) |
updater | | created | @fortawesome/free-solid-svg-icons ( from 6.1.2 to 6.2.0 ) |
updater | | created | @fortawesome/free-brands-svg-icons ( from 6.1.2 to 6.2.0 ) |
updater | | created | gatsby-plugin-google-gtag ( from 4.21.0 to 4.22.0 ) |
updater | | created | gatsby-plugin-mdx ( from 3.20.0 to 4.1.0 ) |
updater | | created | @mui/icons-material ( from 5.8.4 to 5.10.3 ) |
updater | | created | gatsby-plugin-styled-components ( from 5.21.0 to 5.22.0 ) |
updater | | created | @types/react ( from 18.0.17 to 18.0.18 ) |
updater | +---------+------------------------------------------------------------+
csouchet
commented
1 year ago
This project declares a lot of dependencies (most of them are dev dependencies), reviewing PR created by Dependabot takes too much time. For instance today, here is the list of PR dependabot would like to create (we allow Dependabot to open 2 PR at a given time). The preview is not deployed on dependabot PR, so manual tests must be done.
Proposal
Use tool like Renovate that are able to update several dependencies at the same time. Notice that
dependabotrecently introduced a way to group dependency update: github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta See also