Florian Munz, Co-Founder at Depfu

It’s been a while! We kinda forgot to post here (for reasons) but let’s get into that again with a recap of what happened in the previous season of Depfu 🦈.

So, let’s take a look at a few things we’ve released.

Behind the scenes

A lot of the ongoing work at Depfu is simply catching up with new versions of package managers. Sometimes that’s a quick thing and sometimes we need to put in a lot of effort to adapt to the changes or to support features of that new version. Last year we’ve added support for Bundler 2.6, pnpm 9 and Yarn 4 with corepack.

We’ve also re-architected how dependency updates get executed, which was a big and important refactoring for us, but didn’t have any visible effects for you.

Customizable PR titles

This one is pretty self-explanatory and also has been available for quite some time: you can now customize the title for the pull requests Depfu creates, similar to the commit message.

Gitlab bot user as a service account

If you’re using Depfu on a private repo on Gitlab we have good news for you: We now support service accounts instead of our dedicated @depfu-bot user.

This new approach is not quite as nice, but has one major upside: service accounts are non-billable users for Gitlab, which means Depfu won’t be using a seat on your Gitlab plan.

We’re still working out a few edge cases and will have a dedicated post on this soon, but if you’re interested in giving it a try, please let us know.

Engine release tweaks

We’ve heard from you that engine releases (so new versions of Ruby, nodejs, etc.) often get stuck waiting for upstream providers like Heroku, Docker and similar to make the new version available. So now we simply wait for 7 days before we send you the PR for a new version.

We also made it possible to choose which major line you want to upgrade to from our dashboard. For cases where you want to update step by step or to a specific version.

Package aliases for JS

We finally detect and support aliases in package.json. This was mainly driven by requests to support the jsr.io package repository in non-deno environments. But it works in all cases where you alias a npm package.

{
  "dependencies": {
    "npm": "10.3.0",
    "npm6": "npm:npm@6.14.13",
    "@std/path": "npm:@jsr/std__path@^1.0.3"
  }  
}

And even more small tweaks

Of course there are always bug fixes, really tiny things and ease of use improvements. A few worth mentioning are:

  • ✨ You can now abort an automerge with @depfu cancel merge
  • ✨ We remember the last selected org in the dashboard
  • ✨ Github: Support for merge queues
  • ✨ Bundler: Handle the new ruby file: '.ruby-version' syntax

Feedback

We’re always looking for small (and big) things that make your life with Depfu easier, smoother and calmer. So please don’t hold back on any feedback, we’re listening on Mastodon and via email.