Dependabot-core: Per dependency bump schedule
I'm not sure if there is already an open issue/backlog item for this, but it would be nice to be able to set bump schedules on a per-dependency basis.
For example, I typically want daily updates to my repositories so I can get the latest packages asap, except there are a few dependencies that release daily that I don't want to have to review and merge every day. For these few dependencies (usually AWS packages), I would want them to be bumped weekly or even monthly.
Right now I have this repository set to bump weekly because of those frequently updated packages, so I get a big dump of everything on Mondays. It would be nice to change it to daily for all packages except the frequently updated ones.
Thanks for all your work on dependabot!
RohanNagar
All 6 comments
Interesting, thanks for the feedback. Sounds like it would be nice to have a middle ground that stops short of asking Dependabot to completely ignore a dependency.
I'll have a think on this - we could possibly add a custom_schedules section to the the config file to support it. It's not likely to be something we add before June (we have our work cut out) but I'll keep this open and revisit next time we're prioritising.
Thanks for using Dependabot!
greysteil
on 10 Apr 2019
Hi folks,
Popping in to say this my team would find this feature really useful too. For context:
I work on the design-system team at my company and we publish a public npm package that is then consumed by the various app repos that make up our web presence. Ideally we want our consumers to be notified of our releases ASAP as we want people to keep up to date. For our biggest consumers we even take responsibility for merging updates as soon as they are released.
At the same time we appreciate our developer buddies would prefer a weekly cadence for other updates so they're not overwhelmed.
It would be fantastic to be able to configure a repository to say:
- Have a default of
update_schedule: 'weekly' - Package names matching
@shopify/polarisshould useupdate_schedule: 'live'
BPScott
on 17 May 2019
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.
![stale[bot] picture](https://avatars.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 23 Oct 2019
Bump.
GaryGSC
on 23 Oct 2019
Bump
malliapi
on 28 Oct 2019
Any chance this could be considered? It would be very useful for cases where certain dependencies need to be as fresh as possible (such as browserslist/@babel-compat), but most other dependencies should have a weekly or even monthly cadence to reduce noise.
foglerek
on 9 Apr 2020
Related issues
ZebraFlesh
路
3Comments
cscherrer
路
4Comments
LankyLou
路
4Comments
christoferolaison
路
3Comments
glenn-jocher
路
3Comments
Most helpful comment
Hi folks,
Popping in to say this my team would find this feature really useful too. For context:
I work on the design-system team at my company and we publish a public npm package that is then consumed by the various app repos that make up our web presence. Ideally we want our consumers to be notified of our releases ASAP as we want people to keep up to date. For our biggest consumers we even take responsibility for merging updates as soon as they are released.
At the same time we appreciate our developer buddies would prefer a weekly cadence for other updates so they're not overwhelmed.
It would be fantastic to be able to configure a repository to say:
update_schedule: 'weekly'@shopify/polarisshould useupdate_schedule: 'live'