doc/development/dependencies.md
We use the Renovate GitLab Bot to automatically create merge requests for updating (some) Node and Ruby dependencies in several projects. You can find the up-to-date list of projects managed by the renovate bot in the project's README.
Some key dependencies updated using renovate are:
@gitlab/ui@gitlab/svgs@gitlab/eslint-plugin@gitlab/ scopeWe have the goal of updating all dependencies with renovate.
Updating dependencies automatically has several benefits, have a look at this example MR.
It is okay to reject Community Contributions that solely bump dependencies. Simple dependency updates are better done automatically for the reasons provided above. If a community contribution needs to be rebased, runs into conflicts, or goes stale, the effort required to instruct the contributor to correct it often outweighs the benefits.
If a dependency update is accompanied with significant migration efforts, due to major version updates, a community contribution is acceptable.
Here is a message you can use to explain to community contributors as to why we reject simple updates:
Hello CONTRIBUTOR!
Thank you very much for this contribution. It seems like you are doing a "simple" dependency update.
If a dependency update is as simple as increasing the version number, we'd like a Bot to do this to save you and ourselves some time.
This has certain benefits as outlined in our <a href="https://docs.gitlab.com/development/fe_guide/dependencies/#updating-dependencies">Frontend development guidelines</a>.
You might find that we do not currently update DEPENDENCY automatically, but we are planning to do so in [the near future](https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/21).
Thank you for understanding, I will close this merge request.
/close