
fix-dependabot
52,100 by remotion-dev · part of remotion-dev/remotion
Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing
Inspect the full instructions your agent will receive
This is the exact playbook injected into your agent when the skill activates, shown here so you can audit it before installing. You don't need to read it to use the skill.
name: fix-dependabot
description: Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing
Dependabot PRs only update one package.json and never run bun install, so the bun.lock file is out of date and other packages in the monorepo still reference the old version. This skill fixes both problems.
Steps
- Get PR info: Use
    gh pr view <number> --json headRefName,files,title,body
  to identify the branch name, which dependency was bumped, and the old/new versions.
- Checkout the branch:
    git fetch origin <branch>
    git checkout <branch>
- Update all monorepo instances: Dependabot only touches one package. Search for all other package.json files that reference the same dependency at the old version and update them too:
    rg '"<dependency>": "[~^]?<old-version>"' --glob '**/package.json'
  Update every match to the new version. Preserve the prefix style (^, ~, or exact) that each package already uses.
- Run bun install from the repo root to regenerate bun.lock.
- Verify: Run git status to confirm only bun.lock and the expected package.json files were modified. If other unexpected files changed, investigate before proceeding.
- Commit and push:
    git add -u
    git commit -m "Update <dependency> to <version> across all monorepo packages"
    git push
- Switch back: Return to your previous branch (usually main):
    git checkout main
Notes
- Dependabot says "Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself", but updating the lockfile and sibling packages is the expected workflow and won't cause issues.
- If the version bump is a major version (e.g. vite 5 → 6), consider whether the upgrade is appropriate or if it should be ignored. Check for breaking changes.
- If bun install fails, the dependency version may have conflicts with other packages. In that case, close the PR and comment explaining why.
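For the Verify step above, one way to turn the git status check into a pass/fail gate before committing. This is an added example, not part of the skill or the remotion repository; the function name unexpected_changes and the sample paths are assumptions, and the status lines are constructed.

```shell
# Constructed sample of `git status --porcelain` output after `bun install`.
SAMPLE_STATUS=' M bun.lock
 M packages/core/package.json
 M packages/cli/package.json
 M packages/cli/src/index.ts
?? packages/core/postinstall.log'

# Hypothetical helper (added example): gate for the "Verify" step.
# Usage: git status --porcelain | unexpected_changes <package.json paths you edited>
# Prints every change that is not a plain modification of bun.lock or of one
# of the listed files, and returns 1 if there was any such change.
unexpected_changes() (   # subshell body keeps the variables local in POSIX sh
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    path=${line#???}         # porcelain v1 lines look like "XY <path>"
    status=${line%"$path"}   # "XY "
    status=${status%?}       # "XY"
    [ -n "$path" ] || continue
    ok=no
    # Only plain modifications are expected from a version bump; additions,
    # deletions, renames and untracked files are always reported.
    case "$status" in
      "M "|" M"|"MM")
        for allowed in bun.lock "$@"; do
          if [ "$path" = "$allowed" ]; then ok=yes; fi
        done ;;
    esac
    if [ "$ok" = no ]; then
      printf '%s %s\n' "$status" "$path"
      rc=1
    fi
  done
  exit "$rc"
)
```

Paths that git quotes because of unusual characters will not match the allow-list and are reported, so the gate fails closed.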
npx skills add https://github.com/remotion-dev/remotion --skill fix-dependabot
Run this in your project; your agent picks the skill up automatically.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.