fix-dependabot
$ npx mdskill add remotion-dev/remotion/fix-dependabot
SKILL.md
.github/skills/fix-dependabot
---
name: fix-dependabot
description: Fix a Dependabot PR by updating all monorepo instances of the dependency, running bun install, and pushing
---

Dependabot PRs only update one `package.json` and never run `bun install`, so the `bun.lock` file is out of date and other packages in the monorepo still reference the old version. This skill fixes both problems.

## Steps

1. **Get PR info** — Use `gh pr view <number> --json headRefName,files,title,body` to identify the branch name, which dependency was bumped, and the old/new versions.

2. **Checkout the branch**:

   ```bash
   git fetch origin <branch>
   git checkout <branch>
   ```

3. **Update all monorepo instances** — Dependabot only touches one package. Search for all other `package.json` files that reference the same dependency at the old version and update them too:

   ```bash
   rg '"<dependency>": "[~^]?<old-version>"' --glob '**/package.json'
   ```

   Update every match to the new version. Preserve the prefix style (`^`, `~`, or exact) that each package already uses.

4. **Run `bun install`** from the repo root to regenerate `bun.lock`.

5. **Verify** — Run `git status` to confirm only `bun.lock` and the expected `package.json` files were modified. If other unexpected files changed, investigate before proceeding.

6. **Commit and push**:

   ```bash
   git add -u
   git commit -m "Update <dependency> to <version> across all monorepo packages"
   git push
   ```

7. **Switch back** — Return to your previous branch (usually `main`):

   ```bash
   git checkout main
   ```

## Notes

- Dependabot says "Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself" — but updating the lockfile and sibling packages is the expected workflow and won't cause issues.
- If the version bump is a major version (e.g. vite 5 → 6), consider whether the upgrade is appropriate or if it should be ignored. Check for breaking changes.
- If `bun install` fails, the dependency version may have conflicts with other packages. In that case, close the PR and comment explaining why.
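Steps 3 and 5 as an added JavaScript example (not part of the original skill or Remotion's code): a prefix-preserving bump across manifests, and a check that flags any changed path other than `bun.lock` and the edited `package.json` files. The function names, `example-dep`, the paths and the versions are constructed for illustration, and manifests are passed in as text rather than read from disk.

```javascript
// Added example, not Remotion's code. All names below are hypothetical.
const SECTIONS = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];

// Step 3: bump `dep` from oldVersion to newVersion in every manifest, keeping
// each package's own prefix (^, ~ or exact). Ranges that do not point at
// oldVersion are left untouched. The version is compared literally, not as a regex.
function bumpEverywhere(manifests, dep, oldVersion, newVersion) {
  const changed = {};
  for (const [path, text] of Object.entries(manifests)) {
    const pkg = JSON.parse(text);
    const indent = /^([ \t]+)"/m.exec(text)?.[1] ?? 2; // keep tabs vs. spaces
    let touched = false;
    for (const section of SECTIONS) {
      const range = pkg[section] && pkg[section][dep];
      if (typeof range !== 'string') continue;
      const prefix = range[0] === '^' || range[0] === '~' ? range[0] : '';
      if (range.slice(prefix.length) !== oldVersion) continue;
      pkg[section][dep] = prefix + newVersion;
      touched = true;
    }
    if (touched) changed[path] = JSON.stringify(pkg, null, indent) + '\n';
  }
  return changed;
}

// Step 5: given `git status --porcelain` output, return every path that is
// neither bun.lock nor one of the manifests that were meant to change.
function unexpectedChanges(porcelain, expectedManifests) {
  const allowed = new Set(['bun.lock', ...expectedManifests]);
  return porcelain
    .split('\n')
    .filter((line) => line.length > 3)
    .map((line) => line.slice(3)) // drop the two status columns and the space
    .filter((path) => !allowed.has(path));
}

// Constructed sample input: three manifests and a porcelain listing.
const manifests = {
  'packages/a/package.json': '{\n\t"dependencies": {\n\t\t"example-dep": "^1.2.3"\n\t}\n}\n',
  'packages/b/package.json': '{\n  "devDependencies": {\n    "example-dep": "1.2.3"\n  }\n}\n',
  'packages/c/package.json': '{\n  "dependencies": {\n    "example-dep": "~1.1.0"\n  }\n}\n',
};
const bumped = bumpEverywhere(manifests, 'example-dep', '1.2.3', '1.3.0');
const sampleStatus = ' M bun.lock\n M packages/a/package.json\n M packages/b/package.json\n M packages/d/dist/index.js\n';
console.log(Object.keys(bumped), unexpectedChanges(sampleStatus, Object.keys(bumped)));
```

A non-empty result from `unexpectedChanges` is the "investigate before proceeding" case in step 5: here the install touched a build artifact that a version bump should not have changed.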