Development Guides

Verifying Dependabot Updates

This guide covers how to verify Dependabot PRs and handle common issues with dependency updates.

Quick Verification Checklist

When reviewing a Dependabot PR, run the following verification steps:

# 1. Rust verification
cargo build --all
cargo test
cargo clippy

# 2. TypeScript/Node verification
pnpm typecheck
pnpm lint
pnpm test

# 3. Frontend integration tests (if UI-related dependencies changed)
pnpm --filter inklings-desktop-tests exec playwright test

For major version bumps, also review the dependency’s changelog for breaking changes.

Risk Assessment by Dependency Type

Rust Dependencies (Medium Risk)

Dependency	Risk Level	What to Check
`rusqlite`	Medium	Query/transaction API changes, parameter binding syntax
`rusqlite_migration`	Medium	Migration builder API, schema versioning
`serde` / `serde_json`	Low	Usually backward compatible
`dirs`	Low	Path resolution functions
`tauri`	High	Plugin APIs, command signatures, window management
`specta`	Medium	Type generation output format

JavaScript/TypeScript Dependencies (Lower Risk)

Dependency	Risk Level	What to Check
`react`	Medium	Deprecated lifecycle methods, StrictMode behavior
`vite`	Medium	Config format, plugin API changes
`@tiptap/*`	Medium	Extension APIs, node/mark definitions
`@tauri-apps/*`	High	IPC API changes, plugin interfaces
`oxlint`	Low	Run lint to verify no new violations
`typescript`	Low-Medium	Check for stricter type checking
`playwright`	Low	Test API changes, locator syntax

Common Issues and Solutions

Rust: rusqlite Breaking Changes

Symptom: Compilation errors in query or transaction handling.

Common fixes:

// params![] macro syntax changes
// Old: params![value1, value2]
// New: Still params![value1, value2] but check for &str vs String handling

// Transaction API changes
// Check conn.transaction() returns and SavepointBehavior

Rust: Tauri v2 API Changes

Symptom: Command handler signatures don’t match, plugin initialization fails.

Common fixes:

Check #[tauri::command] macro requirements
Verify State extraction patterns
Review window/webview API changes

TypeScript: React Breaking Changes

Symptom: Runtime warnings, double-mount issues in development.

Common fixes:

StrictMode now intentionally double-invokes lifecycle methods in dev
Check for deprecated patterns like componentWillMount
Update ref patterns if using forwardRef

TypeScript: TipTap Extension Changes

Symptom: Editor extensions fail to load or render incorrectly.

Common fixes:

Verify extension option interfaces haven’t changed
Check node/mark schema definitions
Review addNodeView return type requirements

TypeScript: oxlint Rule Changes

Symptom: New lint errors appear after update.

Common fixes:

Run pnpm lint to see all violations
Either fix the code or update oxlint config to disable new rules
Use /* oxlint-disable <rule> */ for targeted suppression

Post-Update Verification

After merging a Dependabot PR:

Run the full CI pipeline - Ensure all checks pass
Test locally - Run pnpm dev and verify basic functionality
Check type generation - Run pnpm generate:types if Rust types changed
E2E smoke test - Run a subset of E2E tests for critical paths

Handling Failed Updates

If a Dependabot update fails verification:

Check the changelog for migration guides
Search issues on the dependency’s GitHub repo
Pin the current version if an immediate fix isn’t available
Create a follow-up issue to track the manual migration

Automated Dependency Management

Dependabot is configured to:

Create PRs for security updates automatically
Group minor/patch updates when possible
Target the main branch for all updates

Review .github/dependabot.yml to adjust update schedules or grouping rules.

Previous
Tutorial: Your First Feature Next
Work with Loro CRDT

Was this page helpful?