DEV Community

Cover image for Improve your Dependabot experience with grouping and version ignoring
Sindre Bøyum
Sindre Bøyum

Posted on • Edited on

2

Improve your Dependabot experience with grouping and version ignoring

Dependabot is GitHub's tool for automating dependency updates. It's great! But it can be a little noisy. Here are some tips for making it a little less so.

Grouping

Ever had Dependabot create seven PRs for the same dependency update? If you're working with dependencies like Storybook, you probably have. To make it a little smarter, we can tell it to group certain dependencies. The groups keyword lets us create a new group and specify by a pattern which dependencies should be grouped together.

version: 2
updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: daily
    groups:
      storybook:
        patterns:
          - "@storybook/*"
          - storybook
Enter fullscreen mode Exit fullscreen mode

By doing this, all dependencies that match the regexes will be grouped together in one PR and we no longer get a load of different PRs every week when SB creates a new patch version (no critique of SB here, it's just a very active project!).

Other groups could be angular, eslint, react, and @typescript-eslint.

Ignoring patch updates

For projects that are moved to maintenance, it's sometimes nice to turn off patch updates, especially if maintenance only happens every couple of weeks. This can be done by adding the following to the Dependabot config:

ignore:
  - dependency-name: '\*'
    update-types: ["version-update:semver-patch"]
Enter fullscreen mode Exit fullscreen mode

That will ignore all patch updates for all dependencies. If you want to ignore patch updates for a specific dependency, you can do that too:

ignore:
  - dependency-name: storybook
    update-types: ["version-update:semver-patch"]
Enter fullscreen mode Exit fullscreen mode

Cover image by Xavier von Erlach on Unsplash

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Dive into an ocean of knowledge with this thought-provoking post, revered deeply within the supportive DEV Community. Developers of all levels are welcome to join and enhance our collective intelligence.

Saying a simple "thank you" can brighten someone's day. Share your gratitude in the comments below!

On DEV, sharing ideas eases our path and fortifies our community connections. Found this helpful? Sending a quick thanks to the author can be profoundly valued.

Okay