Consider dropping dependabot in favor of renovate
hazendaz opened this issue · 1 comments
Dependabot has a many years old bug that causes downstream forks to get flooded by PRs. Consider switching to renovate which is also free and far superior.
To do so,
- Delete the dependabot yaml file
- Go here https://github.com/marketplace/renovate
- Add it and select this repo to use it
Renovate will raise initial PR that gives you idea what its going to do. Merge that PR.
Then go to issue tracking few minutes later. Pin the issue it raises to keep it up in case issues ever grow (on right side of the issue). Then either let it slowly update or tell it to update all at once. Unlike dependabot, it keeps track of items very cleanly in that issue even things skipped without having to touch any further configuration.
If you need to see one in action, check here. See the issue it has perpetually open, see recently merged PRs it raised. See the quality improvement it provides in general.
Given this repo is using dependabot now, the expected PRs to occur should be minimal. However, note that it didn't even know maven wrapper was out of date. Renovate will. Not sure if renovate handles the switch from the pre maven owned official wrapper but I have separate PR that addresses that aspect.
My motivation, just to ensure my fork stops getting blasted by dependabot requiring me to interact with it more than I should. Personally usage, I used dependabot since its inception days (before github owned it) and now 3 years using Renovate. The quality is so much higher on renovate in general and it shows.
Thanks! I have already been using Renovate in some other projects, yet I didn't know the issue with forks.