Dependabot
Song Zheng edited this page Jan 18, 2022 · 8 revisions
- Updates for Node types (like this one) should correspond to the Node version configured in Vercel.

To keep our packages updated, we use dependabot to send pull requests to our repo automatically every time there is an update.
In the image below, there are 2 scenarios:
- Passing - This means that the update passes our deployment and test checks, so it has a low risk of breaking our builds. After 2 approvals it can be merged.
- Failing - This is a breaking update that causes either our tests or deployment to fail. To remedy this, you would have to pull the change into your development environment and make fixes, then send up a new pull request (and close the dependabot pull request). Full steps are below.

Make sure you look at the reason why the build is failing by clicking on the details first! Sometimes a failing build can be resolved just by updating the dependabot pull request to your latest codebase by commenting `@dependabot rebase`.

If the above does not work, you will have to resolve the issues yourself by following the general steps below:

- To help understand what may have caused the build to fail, it helps to look at the release notes.
- Copy the dependabot branch name (screenshot above)
- `git fetch upstream dependabot-branch-name` to download the dependabot branch
  - You may have to rename `upstream` and `dependabot-branch-name` to the remote variable you set for your main repo's upstream and the dependabot branch, respectively.
- Now that you have the code locally, run the test and make the appropriate fixes
  - **important!** Make sure to run `yarn install` to download the updated library. Otherwise you would just be using the older library. Many of us have forgotten to run `yarn install` and wasted many hours scratching our heads for no reason.
- Send up a pull request, ask in channel for a review
- Once your pull request is merged in, close the failing dependabot pull request.
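
The forgotten `yarn install` described above can be detected before running the tests. The following is an added example, not part of the original wiki or the project's code: it compares the versions in `yarn.lock` with what is actually in `node_modules`, assuming a Yarn v1 lockfile and pretty-printed `package.json` files; the function names and the sample packages are made up for illustration.

```shell
#!/bin/sh
# Added example: flag packages whose node_modules copy differs from yarn.lock.
# Assumes a Yarn v1 lockfile and pretty-printed package.json files.

# Print "name version" for every entry in a Yarn v1 lockfile.
locked_versions() {
  awk '
    /^[^ #]/ && /:$/ {          # entry header: "@scope/pkg@^1.0.0", pkg@^1.2.0:
      spec = $0
      sub(/,.*/, "", spec); sub(/:$/, "", spec); gsub(/"/, "", spec)
      sub(/@[^@]*$/, "", spec)  # drop the @range, keep a leading @scope
      name = spec
    }
    /^  version / { gsub(/"/, "", $2); print name, $2 }
  ' "$1"
}

# Print stale packages under project dir $1; return 1 if any were found.
stale_deps() {
  dir=${1:-.}; stale=0
  all=$(locked_versions "$dir/yarn.lock")
  for name in $(printf '%s\n' "$all" | cut -d' ' -f1 | sort -u); do
    pkg="$dir/node_modules/$name/package.json"
    [ -f "$pkg" ] || continue   # not at top level (e.g. optional dep): skip
    have=$(sed -n 's/^ *"version": *"\([^"]*\)".*/\1/p' "$pkg" | head -n 1)
    if ! printf '%s\n' "$all" | grep -qxF "$name $have"; then
      echo "stale: $name installed=$have (not a version in yarn.lock)"
      stale=1
    fi
  done
  return "$stale"
}

# Constructed sample project: lockfile bumped to 2.0.0, node_modules still 1.9.0.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/node_modules/left-pad" "$d/node_modules/@acme/util"
  printf '# yarn lockfile v1\n\n"@acme/util@^1.0.0":\n  version "1.0.3"\n\nleft-pad@^2.0.0:\n  version "2.0.0"\n' > "$d/yarn.lock"
  printf '{\n  "name": "left-pad",\n  "version": "1.9.0"\n}\n' > "$d/node_modules/left-pad/package.json"
  printf '{\n  "name": "@acme/util",\n  "version": "1.0.3"\n}\n' > "$d/node_modules/@acme/util/package.json"
  echo "$d"
}

# Usage after checking out the dependabot branch: stale_deps . || yarn install
```

A package that exists at several versions in the lockfile is accepted if the top-level copy matches any of them, so the check only reports copies that match none.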