Dependabot-core: CLI to bump all versions at once

Created on 14 Nov 2019  路  4Comments  路  Source: dependabot/dependabot-core

Context:
As project's dependencies grow, handle all opened PR by each dependency gets difficult and boring. So a way to handle it at once would make our daily job easier.

Solution A:

  • Have a configuration option to make Dependabot open only one PR with all the versions bumped instead of one by each dependency.

Solution B:

  • Provide a CLI tool to run it locally for a specific project. So we can bump the versions locally, test, fix, test and then push the new versions.
picture rafaelrocha-hotmart
👍1

Most helpful comment

@rolandsusans Adding a way to group or bump large numbers of dependencies at once is high on our list, but we currently don't have a timeframe. We're still pretty swamped integrating Dependabot into GitHub at the moment.

picture rebelagentm on 3 Dec 2019
👍2

All 4 comments

Thank you for submitting this! We'll take it into consideration as soon as we can.

rebelagentm picture rebelagentm on 14 Nov 2019
1 🎉1

Regarding solution A - It's one of the main blockers why we don't use dependabot at the moment. @rebelagentm is there a plan to implement such a feature?

rolandsusans picture rolandsusans on 28 Nov 2019

@rolandsusans Adding a way to group or bump large numbers of dependencies at once is high on our list, but we currently don't have a timeframe. We're still pretty swamped integrating Dependabot into GitHub at the moment.

rebelagentm picture rebelagentm on 3 Dec 2019
👍2

Duplicate of #1190

Solution A would be satisfied by #1190. It's unlikely we'd take solution B.

infin8x picture infin8x on 20 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bennycode picture bennycode  路  3Comments
cscherrer picture cscherrer  路  4Comments
Spomky picture Spomky  路  4Comments
kiprasmel picture kiprasmel  路  3Comments
Tapchicoma picture Tapchicoma  路  3Comments