Use renovate instead of dependabot

Question

Use renovate instead of dependabot

Closed this issue 2 years ago · 2 comments

Is your feature request related to a problem? Please describe.
Automated PRs are not posted for bumping versions related to security advisories in third-party dependencies.
The PRs have to be manually posted like #95

Describe the solution you'd like
Use renovate for automated dependency updates, as it supports Yarn v2.
The request to support Yarn v2 has been pending in dependabot repo since Aug 2019 at dependabot/dependabot-core#1297, and several dependabot customers have been moving to RenovateBot.

Describe alternatives you've considered

Switch to npm with limited workspaces support.
Downgrade to yarn legacy.
Explore pnpm.

Answer 1 · 2021-12-06T06:50:23.000Z

I want an example of how to connect with S3 with ARN role

Answer 2 · 2022-08-24T04:21:06.000Z

Renovate was set up.

Configuration: https://github.com/aws-samples/aws-sdk-js-tests/blob/4be2f9aebe97c2f710baa6b418bc519a9409acdb/.github/renovate.json
Example dashboard: #122