DEV Community

Sindre Bøyum

Improve your Dependabot experience with grouping and version ignoring

Dependabot is GitHub's tool for automating dependency updates. It's great! But it can be a little noisy. Here are some tips for making it a little less so.

Grouping

Ever had Dependabot create seven PRs for the same dependency update? If you're working with dependencies like Storybook, you probably have. To make it a little smarter, we can tell it to group certain dependencies. The groups keyword lets us create a new group and specify by a pattern which dependencies should be grouped together.

version: 2
updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: daily
    groups:
      storybook:
        patterns:
          - "@storybook/*"
          - storybook

By doing this, all dependencies that match the patterns are grouped together in one PR, and we no longer get a load of different PRs every week when Storybook releases a new patch version (no critique of Storybook here, it's just a very active project!).

Other groups could be angular, eslint, react, and @typescript-eslint.

Ignoring patch updates

For projects that are moved to maintenance, it's sometimes nice to turn off patch updates, especially if maintenance only happens every couple of weeks. This can be done by adding the following to the Dependabot config:

ignore:
  - dependency-name: "*"
    update-types: ["version-update:semver-patch"]

That will ignore all patch updates for all dependencies. If you want to ignore patch updates for a specific dependency, you can do that too:

ignore:
  - dependency-name: storybook
    update-types: ["version-update:semver-patch"]
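
The ignore snippets above go under the same `updates` entry as `groups`. As an added example (not from the original post), here is a complete `.github/dependabot.yml` combining both; the `typescript-eslint` group name and its pattern are assumptions based on the groups suggested earlier.

```yaml
# Added example: grouping and patch-ignore rules in one Dependabot config.
version: 2
updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: daily
    groups:
      # One PR for all Storybook packages (from the post).
      storybook:
        patterns:
          - "@storybook/*"
          - storybook
      # Assumed pattern for another group the post suggests.
      typescript-eslint:
        patterns:
          - "@typescript-eslint/*"
    ignore:
      # Skip patch-level version updates for every dependency.
      - dependency-name: "*"
        update-types: ["version-update:semver-patch"]
```

Quote the `*` and `@...` values: an unquoted leading `*` or `@` is not valid plain YAML, so the file would fail to parse.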

Cover image by Xavier von Erlach on Unsplash
