Dependencies

Dependency updates

We use the Renovate GitLab Bot to automatically create merge requests for updating (some) Node and Ruby dependencies in several projects. You can find the up-to-date list of projects managed by the renovate bot in the project’s README.

Some key dependencies updated using renovate are:

@gitlab/ui
@gitlab/svgs
@gitlab/eslint-plugin
And any other package in the @gitlab/ scope

We have the goal of updating all dependencies with renovate.

Updating dependencies automatically has several benefits, have a look at this example MR.

MRs are created automatically when new versions are released.
MRs can easily be rebased and updated by just checking a checkbox in the MR description.
MRs contain changelog summaries and links to compare the different package versions.
MRs can be assigned to people directly responsible for the dependencies.

Community contributions updating dependencies

It is okay to reject Community Contributions that solely bump dependencies. Simple dependency updates are better done automatically for the reasons provided above. If a community contribution needs to be rebased, runs into conflicts, or goes stale, the effort required to instruct the contributor to correct it often outweighs the benefits.

If a dependency update is accompanied with significant migration efforts, due to major version updates, a community contribution is acceptable.

Here is a message you can use to explain to community contributors as to why we reject simple updates:

Hello CONTRIBUTOR!

Thank you very much for this contribution. It seems like you are doing a "simple" dependency update.

If a dependency update is as simple as increasing the version number, we'd like a Bot to do this to save you and ourselves some time.

This has certain benefits as outlined in our <a href="https://docs.gitlab.com/ee/development/fe_guide/dependencies.html#updating-dependencies">Frontend development guidelines</a>.

You might find that we do not currently update DEPENDENCY automatically, but we are planning to do so in [the near future](https://gitlab.com/gitlab-org/frontend/rfcs/-/issues/21).

Thank you for understanding, I will close this merge request.
/close

Docs

Edit this page to fix an error or add an improvement in a merge request.

Create an issue to suggest an improvement to this page.

Product

Create an issue if there's something you don't like about this feature.

Propose functionality by submitting a feature request.

Feature availability and product trials

View pricing to see all GitLab tiers and features, or to upgrade.

Try GitLab for free with access to all features for 30 days.

Get help

If you didn't find what you were looking for, search the docs.

If you want help with something specific and could use community support, post on the GitLab forum.

For problems setting up or using this feature (depending on your GitLab subscription).

Request support