fix-dependabot

Dependabot PRs only update one package.json and never run bun install, so the bun.lock file is out of date and other packages in the monorepo still reference the old version. This skill fixes both problems.

Steps

  1. Get PR info — Use gh pr view <number> --json headRefName,files,title,body to identify the branch name, which dependency was bumped, and the old/new versions.
  2. Check out the branch:
bash
git fetch origin <branch>
git checkout <branch>
  3. Update all monorepo instances — Dependabot only touches one package. Search for all other package.json files that reference the same dependency at the old version and update them too:
bash
rg '"<dependency>": "[~^]?<old-version>"' --glob '**/package.json'
    Update every match to the new version. Preserve the prefix style (^, ~, or exact) that each package already uses.
  4. Run bun install from the repo root to regenerate bun.lock.
  5. Verify — Run git status to confirm only bun.lock and the expected package.json files were modified. If other unexpected files changed, investigate before proceeding.
  6. Commit and push:
bash
git add -u
git commit -m "Update <dependency> to <version> across all monorepo packages"
git push
  7. Switch back — Return to your previous branch (usually main):
bash
git checkout main
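
The version bump across all package.json files and the git status check from the steps above, written as shell functions. This is an added example, not part of the original skill; the function names and the versions in the usage comment are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original skill. re_escape, bump_all and
# unexpected_changes are hypothetical helper names.

# Escape regex metacharacters so "5.4.0" cannot match "5x4y0" and a scoped
# name such as "@scope/pkg" does not break the sed expression.
re_escape() { printf '%s' "$1" | sed 's#[][\.*^$/+?(){}|]#\\&#g'; }

# Bump <dep> from <old> to <new> in every package.json under <root>, keeping
# each file's own prefix (^, ~ or exact). Skips node_modules. Assumes <new>
# is a plain semver string (no "/", "&" or "\").
bump_all() (
  root=$1 dep=$(re_escape "$2") old=$(re_escape "$3") new=$4
  find "$root" -name package.json ! -path '*/node_modules/*' \
    -exec sed -i.bak -E "s/(\"${dep}\": *\"[~^]?)${old}\"/\1${new}\"/" {} +
  find "$root" -name package.json.bak ! -path '*/node_modules/*' -exec rm -f {} +
)

# Read `git status --porcelain` on stdin and print every changed path that is
# neither bun.lock nor a package.json. Empty output means the working tree
# holds only the expected edits.
unexpected_changes() {
  cut -c4- | while IFS= read -r path; do
    case "$path" in
      bun.lock | package.json | */package.json) ;;
      *) printf '%s\n' "$path" ;;
    esac
  done
}

# Typical use from the repo root, before committing (versions are constructed):
#   bump_all . vite 5.4.0 5.4.2 && bun install
#   extra=$(git status --porcelain | unexpected_changes)
#   [ -z "$extra" ] || { printf 'investigate before committing:\n%s\n' "$extra"; exit 1; }
```

Untracked files appear in the output as well, which matters because git add -u would silently leave them out of the commit.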

Notes

  • Dependabot says "Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself" — but updating the lockfile and sibling packages is the expected workflow and won't cause issues.
  • If the version bump is a major version (e.g. vite 5 → 6), consider whether the upgrade is appropriate or if it should be ignored. Check for breaking changes.
  • If bun install fails, the dependency version may have conflicts with other packages. In that case, close the PR and comment explaining why.