[CT-286] [Feature] dbt deps command improvements

[alexrosenfeld10]

Is there an existing feature request for this?

• I have searched the existing issues

Describe the Feature

I'm suggesting a few improvements / additions to the dbt deps command, and dependencies in general. Command syntax / structure can be anything - but here's some general idea:

dbt deps list: list out the dependencies and versions in the project, as well as the latest available version for each dependency
dbt deps update <dependency name> <optional version>: update the dependency to latest, or version if specified
dbt deps update: update all deps to latest

In addition to these commands, I think it'd be awesome to have dbt integrate with dependabot, and open PRs to update the package dependencies for users.

Describe alternatives you've considered

none, this isn't a must have or anything, it's all just QOL stuff.

Who will this benefit?

All users, especially ones on github that use dependabot.

Are you interested in contributing this feature?

Sure! If time allows.

Anything else?

No response

[emmyoop]

Thanks for writing up this this request @alexrosenfeld10! I can see where you're coming from with the desire for dbt deps to behave like other package management.

dbt deps itself accomplishes a lot of this for projects hosted on the dbt Hub. Hub packages require a version to be specified to avoid unexpected breakages. But you can pin your package to the latest patch version from a specific minor release so that you will automatically get any patch releases when you run dbt deps. #3560 describes the reasoning for why we chose to do it this way and why it only works for Hub packages.

When you run dbt deps the output will be similar to a dbt ls listing the version you have installed and also if any updates are available (for Hub packages).

(env) basic-dbt % dbt deps
20:32:10  Running with dbt=1.0.1
20:32:11  Installing dbt-labs/dbt_utils
20:32:11    Installed from version 0.8.0
20:32:11    Updated version available: 0.8.1
20:32:11
20:32:11  Updates available for packages: ['dbt-labs/dbt_utils']
Update your versions in packages.yml, then run dbt deps

If you update the packages.yml file to have a dependency point to a newer version of the package, running dbt deps will update your package to the specified version, similar to a dbt update command.

As for the dependabot request, since dbt packages are their own kind of package, dependabot is not possible since it is not currently open to adding new ecosystems.

I'm going to close this as something we won't be fixing but feel free to comment if you have any follow up.

[devonlazarussonos]

@emmyoop, apologies for bring this back from deep archives...

We recently started looking into the idea of having Dependabot help with dbt dependency management in conjunctino with dbt 1.7+ package locking.

Looks like the maintainers of Dependabot may have changed their policy and are open to adding new package managers.

Is Dependabot integration with the dbt package manager something you'd consider these days given the apparent change?