Help dependabot team to support bun #7295
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Hi from dependabot 👋 We now have a basic flow working with bun 1.1.39 and a I am continuing to work on this and will be focussed on it next week too. The next things I want to do are:
Any feedback on the current form or suggestions are appreciated. Right now I need to investigate the best approaches for points 1 and 2 above so any links or suggestions would be happily received. Thanks |
RiskyMH
added
the
bun install
|
I have some questions about backwards and forwards compatibility of bun versions in comparison to the version the lockfile was generated against. I see that I can install different versions of bun as follows: curl -fsSL https://bun.sh/install | bash -s -- bun-v1.1.38However, I have some questions:
Thanks |
|
@markhallen Thanks for working on bun dependabot support! Some answers:
These are the only restrictions, other than missing out on bug fixes from recent versions.
Yes, generally latest bun is best bun.
There isn't a way to know. We don't serialize bun version to the lockfile, but it shouldn't matter which is used unless you have a text lockfile and you're using a version before v1.1.39. I also think it's important to use a version >= v1.1.0 for binary lockfiles because earlier versions had bugs causing
Older versions of bun are forward compatible with all versions of
New versions of bun are backwards compatible with all versions of Let me know if you have more questions, happy to help |
…to finalAttrs from rec bun: switch to finalAttrs from rec Could speed up hydra? bun: added hook tests and improve passthru for hooks Co-authored-by: Winter <[email protected]> fixup: bun: cleaned up bun hook; bun: fix arguments; bun: remove lockfile version specifier; bun: moved fetch-dir hooks to hooks dir; bun: fix test to include unzip in nativebuildinputs for benDeps Lockfile version is lock unless for bugfixes read here for context: oven-sh/bun#7295 (comment) bun: add build test subdir to bundeps
|
Thanks for the comprehensive response @dylan-conway. That is really helpful. I would love your thoughts on the following assumptions too please:
Thank you. |
|
Thanks you all your assistance to support Bun in Dependabot 🙌 Here is the GA announcement: https://github.blog/changelog/2025-02-13-dependabot-version-updates-now-support-the-bun-package-manager-ga/ I have one final ask: do you have an SVG logo? We want to add it so that it appears correctly in the dependabot UI. Here we will add the logo and correctly label it Bun. 
Here is the bundler version. 
|
|
@markhallen I think this one will work well https://github.com/oven-sh/bun/blob/main/src/logo.svg |
bun: switch to finalAttrs from rec Could speed up hydra? bun: added hook tests and improve passthru for hooks Co-authored-by: Winter <[email protected]> fixup: bun: cleaned up bun hook; bun: fix arguments; bun: remove lockfile version specifier; bun: moved fetch-dir hooks to hooks dir; bun: fix test to include unzip in nativebuildinputs for benDeps Lockfile version is lock unless for bugfixes read here for context: oven-sh/bun#7295 (comment) bun: add build test subdir to bundeps Apply suggestions from code review Co-authored-by: Seth Flynn <[email protected]>
bun: switch to finalAttrs from rec Could speed up hydra? bun: added hook tests and improve passthru for hooks Co-authored-by: Winter <[email protected]> fixup: bun: cleaned up bun hook; bun: fix arguments; bun: remove lockfile version specifier; bun: moved fetch-dir hooks to hooks dir; bun: fix test to include unzip in nativebuildinputs for benDeps Lockfile version is lock unless for bugfixes read here for context: oven-sh/bun#7295 (comment) bun: add build test subdir to bundeps Apply suggestions from code review Co-authored-by: Seth Flynn <[email protected]>
bun: switch to finalAttrs from rec Could speed up hydra? bun: added hook tests and improve passthru for hooks Co-authored-by: Winter <[email protected]> fixup: bun: cleaned up bun hook; bun: fix arguments; bun: remove lockfile version specifier; bun: moved fetch-dir hooks to hooks dir; bun: fix test to include unzip in nativebuildinputs for benDeps Lockfile version is lock unless for bugfixes read here for context: oven-sh/bun#7295 (comment) bun: add build test subdir to bundeps Apply suggestions from code review Co-authored-by: Seth Flynn <[email protected]>
bun: switch to finalAttrs from rec Could speed up hydra? bun: added hook tests and improve passthru for hooks Co-authored-by: Winter <[email protected]> fixup: bun: cleaned up bun hook; bun: fix arguments; bun: remove lockfile version specifier; bun: moved fetch-dir hooks to hooks dir; bun: fix test to include unzip in nativebuildinputs for benDeps Lockfile version is lock unless for bugfixes read here for context: oven-sh/bun#7295 (comment) bun: add build test subdir to bundeps Apply suggestions from code review Co-authored-by: Seth Flynn <[email protected]>
|
Closing this issue as complete now that dependabot support for Bun is GA. Big thanks @markhallen and everyone else who helped work towards this! If any issues come up please reopen this issue or open a new one. |
What is the problem this feature would solve?
Many projects use github's dependabot to maintain dependencies up-to-date. It looks like the dependabot team doesn't have enough resources to introduce more package managers or eco-systems: dependabot/dependabot-core#6528 (comment).
What is the feature you are proposing to solve the problem?
If the Bun development team has some resources, it would make sense for the Bun community to get dependabot to support Bun.
What alternatives have you considered?
The text was updated successfully, but these errors were encountered: