Enable Snyk to regularly recommend dependency upgrades and automatically create pull requests (PRs) for those upgrades on your behalf, for a specific integration. Once enabled, Snyk automatically creates upgrade PRs for all necessary dependencies as new, eligible versions become available for any project for that specific integration.
Notes: Settings on the project level override these. Currently only npm projects are supported through GitHub, GitHub Enterprise Server and BitBucket Cloud are supported.
For use with Broker, your admin should first upgrade to v4.55.0
To enable automatic upgrade PRs for all projects:
Navigate to the organization for which you would like to enable automatic upgrade PRs.
Go to Settings=>Integrations.
From the Integrations area, click Edit Settings for the relevant integration.
From the Integration settings, scroll to the Automatic dependency upgrade pull requests and click Disabled to slide it to Enabled position.
From the options that appear:
Snyk opens a maximum of 10 upgrade PRs simultaneously, per repo.
To limit this number further, select the maximum number of PRs from the dropdown list.
In the Dependencies to ignore field, enter the exact name of any dependencies that should not be handled as part of the automatic functionality. This field accepts only lower case letters.
Settings are saved. Snyk creates automatic upgrade PRs only up to the maximum number of open PRs, as based on your project settings. Every time Snyk scans any project for this integration now, it automatically submits upgrade PRs based on results. If PRs were already submitted the day you enable this feature, Snyk begins submitting on your behalf the next day (or during the next scheduled recurring tests). If a newer version is released for an existing Snyk upgrade PR or for an existing fix PR, the existing PR must be closed or merged before Snyk can raise a new PR.