DEV Community

Discussion on: Don't get stuck with out of date dependencies!

Collapse
nfrankel profile image
Nicolas Frankel

Just use Dependabot that will do it for you. If your repo is on GitHub (public or private), it's very straightforward.

Collapse
jamesmcmahon profile image
James McMahon Author

Dependabot is definitely on my radar. Our current projects are not on Github, but I know Dependabot is open source, so I plan to eventually evaluate if we could make it work with our setup.

A big requirement for me is ensuring automated dependency updates pass our test suite, which adds another wrinkle.

Collapse
nfrankel profile image
Nicolas Frankel

I added Dependabot on GitLab with this project.

It doesn't do anything but create a merge request.

Thread Thread
jamesmcmahon profile image
James McMahon Author

Thanks for the tip.

The hurdle for me is that we need to add the ability to test merge requests on-demand to our pipeline. Without that the merge requests of Dependabot become more white noise, as they all require manual intervention to merge and unwinding which dependency upgrades work vs which fail can be be painful.

Part of the reason I like updtr so much is that it does that work for you. The next evolution for me is moving the capability out of a command line to an automated process, either in the pipeline entirely or a combination of pipeline and merge request.