chore: tighten dependabot npm grouping to minor/patch updates#184

Merged: ProfRandom92 merged 1 commit into main from codex/update-dependabot-npm-grouping-for-patch-and-minor on May 21, 2026
@ProfRandom92
Owner

Summary:

  • Tightened Dependabot npm grouping for /dashboard/app and /showcase/app by renaming the group to all-npm-minor-patch and adding update-types: ["minor","patch"] so major npm updates will not be grouped into the shared npm PRs.

Changed files:

  • .github/dependabot.yml

Testing:

  • Ran python scripts/run_checks.py; it completed successfully and wrote docs/reports/check-report.md, which was intentionally reverted so this PR remains config-only.
  • Verified with git status --short that only .github/dependabot.yml was modified and committed.

Risks:

  • Low risk: change is config-only and only affects how Dependabot batches npm dependency updates.

Next:

  • Let Dependabot run on its next schedule and confirm grouped npm PRs include only minor/patch updates while major updates are opened separately.

Codex Task

@ProfRandom92 ProfRandom92 merged commit 3eaa48b into main May 21, 2026
8 checks passed
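
The confirmation step listed under "Next" can be scripted. The following is an added example, not code from this repository or PR: it reads the body of a grouped Dependabot PR and reports every bump that is not a minor or patch update. The line shape "Updates `name` from X to Y" is an assumption about the PR body, and the sample body, package names and versions are constructed.

```python
import re

# Assumed line shape of a Dependabot PR body: "Updates `name` from X to Y".
BUMP_RE = re.compile(r"Updates `([^`]+)` from (\S+) to (\S+)")
ALLOWED = {"minor", "patch"}  # the update-types listed in this PR's group


def parse_version(text):
    """Return (major, minor, patch) from a version such as 1.2.3 or v1.2.3-beta.1."""
    core = re.split(r"[-+]", text.lstrip("v"), maxsplit=1)[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return tuple(nums)


def classify(old, new):
    """Name the highest semver component that differs between old and new."""
    a, b = parse_version(old), parse_version(new)
    for label, x, y in zip(("major", "minor", "patch"), a, b):
        if x != y:
            return label
    return "none"  # only pre-release or build metadata changed


def audit_pr_body(body):
    """Return (package, old, new, kind) for every bump outside ALLOWED.

    A "none" result (pre-release-only change) is reported too, for a manual look.
    """
    violations = []
    for name, old, new in BUMP_RE.findall(body):
        kind = classify(old, new)
        if kind not in ALLOWED:
            violations.append((name, old, new, kind))
    return violations


# Constructed sample body; package names and versions are made up.
SAMPLE_BODY = """\
Bumps the all-npm-minor-patch group in /dashboard/app with 3 updates.
Updates `example-ui` from 4.2.1 to 4.3.0
Updates `example-lint` from 8.56.0 to 8.56.2
Updates `example-router` from 6.22.0 to 7.0.1
"""

if __name__ == "__main__":
    for name, old, new, kind in audit_pr_body(SAMPLE_BODY):
        print(f"{name}: {old} -> {new} is a {kind} update, outside the group")
```
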
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the Dependabot configuration to group npm updates by 'minor' and 'patch' versions across different directories. The reviewer suggests using more descriptive, directory-specific group names to avoid ambiguous pull request titles in the GitHub UI.

Comment thread .github/dependabot.yml
Comment on lines +28 to +33
all-npm-minor-patch:
patterns:
- "*"
update-types:
- "minor"
- "patch"
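
Review bot: patterns "*" in the group added at +28 to +33 matches every npm dependency, so runtime and development packages land in the same grouped PR. Consider splitting on the groups option dependency-type (one group for "production", one for "development"), each keeping the same update-types list, so that changes to shipped code are reviewed separately from tooling bumps.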

medium

While the current configuration correctly restricts the group to minor and patch updates, using the same group name all-npm-minor-patch across multiple package-ecosystem entries can lead to ambiguous pull request titles in the GitHub UI. Dependabot typically uses the group name in the PR title (e.g., Bump all-npm-minor-patch dependencies). To improve triage efficiency and clarity, consider using directory-specific group names.

      dashboard-npm-minor-patch:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"

Comment thread .github/dependabot.yml
Comment on lines +42 to +47
all-npm-minor-patch:
patterns:
- "*"
update-types:
- "minor"
- "patch"
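
Review bot: nothing in the six lines added at +42 to +47 records why "major" is absent from update-types. A one-line YAML comment above the list, saying that major updates are left out on purpose and are opened as separate PRs, would keep a later edit from widening it unnoticed.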

medium

Similar to the dashboard configuration, using a more specific group name here (e.g., showcase-npm-minor-patch) would help distinguish these grouped updates from those in other directories when viewing the repository's pull request list.

      showcase-npm-minor-patch:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"
