Labsco
remotion-dev logo

fix-dependabot

โ˜… 52,100

by remotion-dev ยท part of remotion-dev/remotion

Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing

๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeQuick setup
๐Ÿ”’ Repo-maintenance skill. It exists to help maintain remotion-dev/remotion itself โ€” it's only useful if you contribute code to that project.

Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing

Inspect the full instructions your agent will receiveExpand

This is the exact playbook injected into your agent when the skill activates โ€” shown here so you can audit it before installing. You don't need to read it to use the skill.


name: fix-dependabot description: Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing

Dependabot PRs only update one package.json and never run bun install, so the bun.lock file is out of date and other packages in the monorepo still reference the old version. This skill fixes both problems.

Steps

  1. Get PR info โ€” Use gh pr view <number> --json headRefName,files,title,body to identify the branch name, which dependency was bumped, and the old/new versions.

  2. Checkout the branch:

Copy & paste โ€” that's it
git fetch origin <branch>
git checkout <branch>
  1. Update all monorepo instances โ€” Dependabot only touches one package. Search for all other package.json files that reference the same dependency at the old version and update them too:
Copy & paste โ€” that's it
rg '"<dependency>": "[~^]?<old-version>"' --glob '**/package.json'

Update every match to the new version. Preserve the prefix style (^, ~, or exact) that each package already uses.

  1. Run bun install from the repo root to regenerate bun.lock.

  2. Verify โ€” Run git status to confirm only bun.lock and the expected package.json files were modified. If other unexpected files changed, investigate before proceeding.

  3. Commit and push:

Copy & paste โ€” that's it
git add -u
git commit -m "Update <dependency> to <version> across all monorepo packages"
git push
  1. Switch back โ€” Return to your previous branch (usually main):
Copy & paste โ€” that's it
git checkout main

Notes

  • Dependabot says "Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself" โ€” but updating the lockfile and sibling packages is the expected workflow and won't cause issues.
  • If the version bump is a major version (e.g. vite 5 โ†’ 6), consider whether the upgrade is appropriate or if it should be ignored. Check for breaking changes.
  • If bun install fails, the dependency version may have conflicts with other packages. In that case, close the PR and comment explaining why.