This project declares a lot of dependencies (most of them are dev dependencies), reviewing PR created by Dependabot takes too much time.
For instance today, here is the list of PR dependabot would like to create (we allow Dependabot to open 2 PR at a given time).
The preview is not deployed on dependabot PR, so manual tests must be done.
updater | +----------------------------------------------------------------------+
updater | | Changes to Dependabot Pull Requests |
updater | +---------+------------------------------------------------------------+
updater | | created | gatsby ( from 4.21.1 to 4.22.0 ) |
updater | | created | gatsby-plugin-manifest ( from 4.21.0 to 4.22.0 ) |
updater | | created | gatsby-transformer-remark ( from 5.21.0 to 5.22.0 ) |
updater | | created | gatsby-plugin-typescript ( from 4.21.0 to 4.22.0 ) |
updater | | created | @emotion/react ( from 11.10.0 to 11.10.4 ) |
updater | | created | @typescript-eslint/eslint-plugin ( from 5.36.0 to 5.36.1 ) |
updater | | created | @typescript-eslint/parser ( from 5.36.0 to 5.36.1 ) |
updater | | created | @emotion/styled ( from 11.10.0 to 11.10.4 ) |
updater | | created | @fortawesome/fontawesome-svg-core ( from 6.1.2 to 6.2.0 ) |
updater | | created | gatsby-plugin-sitemap ( from 5.21.0 to 5.22.0 ) |
updater | | created | @mui/material ( from 5.10.1 to 5.10.3 ) |
updater | | created | gatsby-remark-responsive-iframe ( from 5.21.0 to 5.22.0 ) |
updater | | created | @fortawesome/free-solid-svg-icons ( from 6.1.2 to 6.2.0 ) |
updater | | created | @fortawesome/free-brands-svg-icons ( from 6.1.2 to 6.2.0 ) |
updater | | created | gatsby-plugin-google-gtag ( from 4.21.0 to 4.22.0 ) |
updater | | created | gatsby-plugin-mdx ( from 3.20.0 to 4.1.0 ) |
updater | | created | @mui/icons-material ( from 5.8.4 to 5.10.3 ) |
updater | | created | gatsby-plugin-styled-components ( from 5.21.0 to 5.22.0 ) |
updater | | created | @types/react ( from 18.0.17 to 18.0.18 ) |
updater | +---------+------------------------------------------------------------+
Proposal
Use tool like Renovate that are able to update several dependencies at the same time.
Notice that dependabot recently introduced a way to group dependency update: github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta
See also
This project declares a lot of dependencies (most of them are dev dependencies), reviewing PR created by Dependabot takes too much time.
For instance today, here is the list of PR dependabot would like to create (we allow Dependabot to open 2 PR at a given time).
The preview is not deployed on dependabot PR, so manual tests must be done.
Proposal
Use tool like Renovate that are able to update several dependencies at the same time.
Notice that
dependabotrecently introduced a way to group dependency update: github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-betaSee also