Is there an existing issue for this?
Feature description
Description:
Today, pull request create/update events include only a subset of the metadata that Dependabot core computes as part of the update flow. For example, PR titles are included, but other core-derived attributes such as branch name and labels are not included in the emitted event payload.
Dependabot core computes this metadata during the update process, including values such as:
However, this information is not carried forward into the updater job’s emitted events and is therefore not sent along to the service layer responsible for PR creation.
Instead, these values are later recomputed from the dependency payload at the service layer. This recomputation seems unnecessary given that the same information has already been derived earlier in the flow.
This leads to several issues:
-
Duplicated effort: Downstream systems must re-derive metadata from the dependency payload even though it has already been computed by core.
-
Loss of intent signal: Events contain only partial PR state rather than the full set of intent information that originally drove the update.
-
Reduced testability: Because this metadata is not included in the event payload, CLI and integration tests cannot easily validate end-to-end behavior. Instead, these behaviors must be tested in isolation at the unit/service layer tests
-
Unnecessary complexity: Recomputing already-derived metadata downstream introduces avoidable duplication across layers and increases conceptual overhead.
Proposed Solution:
Include the full set of PR-intent metadata computed by Dependabot core (such as branch name, labels, and related attributes) directly in the pull request create/update events emitted by the updater job.
Since this metadata is already computed during the core update flow, preserving it in emitted events would:
-
eliminate redundant recomputation in downstream layers
-
provide a complete and consistent representation of PR intent
-
improve end-to-end testability, including CLI and integration testing
-
reduce complexity by avoiding duplication of logic across layers
This change would ensure that the event payload accurately reflects the full decision context produced by Dependabot core during pull request generation, rather than discarding it before it reaches downstream consumers.
Is there an existing issue for this?
Feature description
Description:
Today, pull request create/update events include only a subset of the metadata that Dependabot core computes as part of the update flow. For example, PR titles are included, but other core-derived attributes such as branch name and labels are not included in the emitted event payload.
Dependabot core computes this metadata during the update process, including values such as:
expected branch name
labels (both custom and default)
However, this information is not carried forward into the updater job’s emitted events and is therefore not sent along to the service layer responsible for PR creation.
Instead, these values are later recomputed from the dependency payload at the service layer. This recomputation seems unnecessary given that the same information has already been derived earlier in the flow.
This leads to several issues:
Duplicated effort: Downstream systems must re-derive metadata from the dependency payload even though it has already been computed by core.
Loss of intent signal: Events contain only partial PR state rather than the full set of intent information that originally drove the update.
Reduced testability: Because this metadata is not included in the event payload, CLI and integration tests cannot easily validate end-to-end behavior. Instead, these behaviors must be tested in isolation at the unit/service layer tests
Unnecessary complexity: Recomputing already-derived metadata downstream introduces avoidable duplication across layers and increases conceptual overhead.
Proposed Solution:
Include the full set of PR-intent metadata computed by Dependabot core (such as branch name, labels, and related attributes) directly in the pull request create/update events emitted by the updater job.
Since this metadata is already computed during the core update flow, preserving it in emitted events would:
eliminate redundant recomputation in downstream layers
provide a complete and consistent representation of PR intent
improve end-to-end testability, including CLI and integration testing
reduce complexity by avoiding duplication of logic across layers
This change would ensure that the event payload accurately reflects the full decision context produced by Dependabot core during pull request generation, rather than discarding it before it reaches downstream consumers.