I'm trying to update past a critical severity alert, but got the message "Dependabot cannot create a pull request as one or more other dependencies require a version that is incompatible with this update."
That makes sense, and I can look through yarn.lock to see what dependencies must be updated to allow dependabot to create the PR, but it's laborious and error-prone to do this manually. I was wondering if there could be a feature to somehow list out which dependencies are blocking the critical severity one, and offer to open PRs for those too, to make a kind of tree of pre-dependencies (for lack of a better term). This could fast-track a course of action which addresses critical severity alerts.
Right now, we have a lot of dependabot PRs which we work through as we're able to, but we're not aware of whether we're making progress towards the critical severity ones.
Thanks, we :heart: dependabot!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.
I would love a fix for this. Recently encountered this on a default project generated for the popular Express framework: https://github.com/expressjs/generator/issues/258 I'm sure Dependabot knows what the conflict is...it'd be super helpful to have it share the details! :)
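The manual yarn.lock search described in the original request can be scripted while Dependabot does not report the conflict itself. This is an added example, not part of the thread or Dependabot's own code; it assumes a yarn.lock v1 file, and `findDependents`, `SAMPLE_LOCK` and the package names in it are constructed for illustration.

```javascript
// List every locked package that depends on `target`, with the range it asks for.
// Those ranges are what can block an update of `target` to a patched version.
function findDependents(lockText, target) {
  const results = [];
  let entry = null;   // package whose block we are currently inside
  let version = null; // resolved version of that package
  let inDeps = false; // true while inside a dependencies section
  for (const raw of lockText.split(/\r?\n/)) {
    if (!raw.trim() || raw.startsWith('#')) continue;
    const indent = raw.length - raw.trimStart().length;
    const line = raw.trim();
    if (indent === 0) {
      // Header: one or more comma-separated "name@range" specs ending in ":"
      const spec = line.replace(/:$/, '').split(',')[0].trim().replace(/^"|"$/g, '');
      entry = spec.slice(0, spec.indexOf('@', 1)); // skip the leading "@" of scoped names
      version = null;
      inDeps = false;
    } else if (indent === 2) {
      inDeps = /^(dependencies|optionalDependencies):$/.test(line);
      const m = line.match(/^version "(.+)"$/);
      if (m) version = m[1];
    } else if (indent === 4 && inDeps) {
      const m = line.match(/^"?([^"\s]+)"?\s+"?([^"]+)"?$/);
      if (m && m[1] === target) results.push({ dependent: entry, version, range: m[2] });
    }
  }
  return results;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = `
# yarn lockfile v1

"@example/cli@^2.0.0":
  version "2.1.0"
  dependencies:
    chalk "^4.0.0"
    minimist "^0.0.8"

mkdirp-like@~0.5.0:
  version "0.5.1"
  dependencies:
    minimist "0.0.8"

minimist@0.0.8, minimist@^0.0.8:
  version "0.0.8"
`;

for (const d of findDependents(SAMPLE_LOCK, 'minimist')) {
  console.log(`${d.dependent}@${d.version} requires minimist ${d.range}`);
}
```

Direct requirements from package.json do not appear as dependents in yarn.lock, so check that file as well.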