Automatic dependency updates
NickyMeuleman opened this issue
Would automation of package updates be useful?
I wrote about this a while back: https://nickymeuleman.netlify.app/blog/automate-dependency-updates
TL;DR: automating updating dependencies means fewer headaches, gradual small fixes instead of a huge refactor when you are 3 major versions behind and the number of breaking changes gets overwhelming.
I used Renovate in that blog post, but Dependabot, which is now owned by GitHub and fully integrated, is also a good option.
I played around with Dependabot and it seems simpler to use (that also means there are fewer knobs to turn and it lacks some features like automatic merging).
I mentioned this to @BenDMyers on Discord, who pointed out that auto-dep updates are less crucial than they are for a React app, for instance.
If this does get automated, I think it's important it stays a helpful tool, and not a noise/busywork-generator.
The code change from my testing is so small I'll put it inline here: it would add a dependabot.yml file that checks for updates monthly and makes sure there are at most 5 PRs open at a time.
version: 2
updates:
  - package-ecosystem: npm
    directory: '/'
    schedule:
      interval: monthly
    ignore:
      - dependency-name: 'faker'
        versions: ['6.x']
My vote is auto-dep updates would be useful, but maybe scheduled for monthly?
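An added example, not code from the issue or from Dependabot: a small Ruby audit of the config posted above that reports the update cadence, the effective open-PR cap (Dependabot's default of 5 when `open-pull-requests-limit` is omitted), and whether a given version falls under an `ignore` rule, so reviewers can see which updates will never be proposed. The helpers `audit`, `ignored?` and `version_skipped?` are hypothetical names, and the version matcher is a simplification that only understands exact versions and `N.x` wildcards.

```ruby
require 'yaml'

# Constructed sample: the dependabot.yml from the issue above.
SAMPLE_CONFIG = <<~YML
  version: 2
  updates:
    - package-ecosystem: npm
      directory: '/'
      schedule:
        interval: monthly
      ignore:
        - dependency-name: 'faker'
          versions: ['6.x']
YML

DEFAULT_PR_LIMIT = 5 # Dependabot's default cap for version-update PRs

# Simplified matcher (assumption): exact versions and "N.x" wildcards only.
def ignored?(patterns, candidate)
  patterns.any? do |pattern|
    prefix = pattern.sub(/\.x\z/, '')
    pattern.end_with?('.x') ? candidate.start_with?("#{prefix}.") : candidate == pattern
  end
end

# Summarise each update entry: cadence, PR cap, and versions that are skipped.
def audit(yaml_text)
  config = YAML.safe_load(yaml_text)
  raise ArgumentError, 'expected version: 2' unless config['version'] == 2

  config.fetch('updates').map do |entry|
    rules = (entry['ignore'] || []).to_h do |rule|
      # A rule with no versions list ignores every update for that dependency.
      [rule.fetch('dependency-name'), rule['versions'] || ['*']]
    end
    { ecosystem: entry.fetch('package-ecosystem'),
      interval: entry.fetch('schedule').fetch('interval'),
      pr_limit: entry.fetch('open-pull-requests-limit', DEFAULT_PR_LIMIT),
      ignored: rules }
  end
end

# True when the config would never open a PR for this dependency version.
def version_skipped?(report, dependency, version)
  patterns = report[:ignored][dependency]
  return false if patterns.nil?

  patterns.include?('*') || ignored?(patterns, version)
end

REPORT = audit(SAMPLE_CONFIG).first
puts REPORT
```

Running the audit in CI makes a widened `ignore` rule or a changed PR cap visible in review instead of silently reducing update coverage.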