Handle multi-package-monorepo sourced dependency updates better #13410
Unanswered
jeking3
asked this question in
Code Security
Replies: 1 comment
-
I was about to suggest the same. Another problem with monorepo packages is that some of these dependencies only work together with the same version and fail to build when different versions are combined (e.g. @docusaurus/{core, preset-classic}. I think another idea how to solve this problem could be, that the dependabot configuration allows to define dependencies that should always be updated together. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Some dependabot updates come from a momorepo with multiple released packages, for example:
These packages also do not release code-free dependency bundles as they expect you to pick only what you need.
As a user, I find handling the dependabot updates on these quite annoying:
What would be really nice is one of the following:
Solution 2 would still cause GitHub Action minutes to grow, but might be useful anyway. :)
Solution 1 would solve all concerns.
Many thanks!
Beta Was this translation helpful? Give feedback.
All reactions