Skip to content

Improve Dependabot configuration for quality of life of developers#59

Merged
samcunliffe merged 6 commits intomainfrom
sc/improve-dependabot-
Oct 27, 2025
Merged

Improve Dependabot configuration for quality of life of developers#59
samcunliffe merged 6 commits intomainfrom
sc/improve-dependabot-

Conversation

@samcunliffe
Copy link
Member

@samcunliffe samcunliffe commented Oct 27, 2025
edited
Loading

  • Monthly npm updates (but grouping unchanged).
  • Group GitHub Actions, but leave as weekly and switch to monthly.

@samcunliffe
Improve Dependabot configuration
7aea552 
Monthly npm updates (but grouping unchanged).
Group github-actions, but leave as weekly.
@samcunliffe samcunliffe requested a review from a team as a code owner October 27, 2025 11:24
@samcunliffe samcunliffe requested a review from Copilot October 27, 2025 11:30
@samcunliffe samcunliffe self-assigned this Oct 27, 2025
@samcunliffe samcunliffe added the dependencies Pull requests that update a dependency file label Oct 27, 2025
Copilot AI reviewed Oct 27, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves the Dependabot configuration to reduce developer maintenance burden by adjusting update frequencies and grouping strategies. The changes shift npm dependency updates from weekly to monthly intervals while ensuring all GitHub Actions updates are grouped together.

Key changes:

  • Changed npm package update interval from weekly to monthly
  • Added grouping pattern for all GitHub Actions dependencies to consolidate updates

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/dependabot.yml
Comment on lines +24 to +25
patterns:
- "*"
Copy link

Copilot AI Oct 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The wildcard pattern '*' will group all GitHub Actions updates together. Consider if you want to exclude major version updates from grouping (which are not currently excluded by update-types) to review breaking changes individually, or explicitly document this grouping choice affects all update types for Actions.

Copilot uses AI. Check for mistakes.
giordano
giordano approved these changes Oct 27, 2025
View reviewed changes
@samcunliffe samcunliffe merged commit c7e8019 into main Oct 27, 2025
1 check passed
@samcunliffe
Copy link
Member Author

samcunliffe commented Oct 27, 2025

Bypassing as this doesn't change the JS code.

@samcunliffe samcunliffe deleted the sc/improve-dependabot- branch October 27, 2025 11:47
samcunliffe added a commit that referenced this pull request Oct 31, 2025
@samcunliffe @giordano
Improve Dependabot configuration for quality of life of developers (#59)
e117eac 
* Improve Dependabot configuration

Monthly npm updates (but grouping unchanged).
Group github-actions, but leave as weekly.

* Fix.

* Refactor dependabot.yml patterns for clarity

* Change Dependabot schedule from weekly to monthly

* Refactor Dependabot groups for npm and GitHub actions

Co-authored-by: Mosè Giordano <giordano@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@giordano giordano giordano approved these changes

Assignees

@samcunliffe samcunliffe

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@samcunliffe @giordano