I recently switched over to the new, native version of Dependabot. Prior to this switch, my Dependabot usage was practically “set it and forget it”. Every now and then I had to update some code to get CI passing again, but it was hands-off for the most part.
However, after switching, I now find myself spending literal hours managing pull requests. The native version of Dependabot no longer automatically merges PRs, nor does it seem to automatically rebase all open PRs when they become out-of-date.
For example, in one of my private repos, I currently have four open PRs from Dependabot, one of which is two commits behind
main and two of which are eight commits behind. Only one PR is ahead of
main. Furthermore, all four PRs have green checks, and there’s no indication that they’re out-of-date with the base branch. The only way I’ve found to fix this is to manually go through these PRs, one at a time, and comment
@dependabot rebase, then wait for CI to finish, and then merge once things are green.
Am I doing something wrong here? I know that I need to manually merge PRs now, but do I really need to manually rebase them as well?