Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use renovate instead of dependabot #96

Closed
trivikr opened this issue Sep 13, 2021 · 2 comments
Closed

Use renovate instead of dependabot #96

trivikr opened this issue Sep 13, 2021 · 2 comments

Comments

@trivikr
Copy link
Contributor

trivikr commented Sep 13, 2021

Is your feature request related to a problem? Please describe.
Automated PRs are not posted for bumping versions related to security advisories in third-party dependencies.
The PRs have to be manually posted like #95

Describe the solution you'd like
Use renovate for automated dependency updates, as it supports Yarn v2.
The request to support Yarn v2 has been pending in dependabot repo since Aug 2019 at dependabot/dependabot-core#1297, and several dependabot customers have been moving to RenovateBot.

Describe alternatives you've considered

  • Switch to npm with limited workspaces support.
  • Downgrade to yarn legacy.
  • Explore pnpm.
@leakhand

This comment has been minimized.

Sign in to view
@trivikr trivikr mentioned this issue Aug 23, 2022
Merged
@trivikr
Copy link
Contributor Author

trivikr commented Aug 24, 2022

Renovate was set up.

Configuration: https://github.com/aws-samples/aws-sdk-js-tests/blob/4be2f9aebe97c2f710baa6b418bc519a9409acdb/.github/renovate.json
Example dashboard: #122

@trivikr trivikr closed this as completed Aug 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leakhand @trivikr