Skip to content

chore: group related dependencies in dependabot config#8778

Merged
roger-zhangg merged 1 commit intodevelopfrom
fix_depbot
Mar 10, 2026
Merged

chore: group related dependencies in dependabot config#8778
roger-zhangg merged 1 commit intodevelopfrom
fix_depbot

Conversation

@roger-zhangg
Copy link
Member

@roger-zhangg roger-zhangg commented Mar 10, 2026
edited
Loading

Problem

Dependabot PRs are failing because related dependencies are not grouped together. When a package and its transitive dependencies are updated in separate PRs, the individual PRs can have incompatible version combinations that cause CI failures.

Example: binaryornot update failing without cookiecutter update
#8767
#8763

Changes

Added dependency groups to .github/dependabot.yml so that related packages are updated together in a single PR:

  • cookiecutter — cookiecutter, arrow, binaryornot, chardet, python-slugify, text-unidecode
  • flask — flask, blinker, werkzeug, itsdangerous
  • click — click (shared by cookiecutter and flask)
  • cfn-lint — cfn-lint, networkx, sympy, mpmath, jsonpatch, jsonpointer
  • cryptography — cryptography, pyopenssl, cffi, pycparser
  • requests — requests, certifi, charset-normalizer, idna, urllib3
  • rich — rich, markdown-it-py, mdurl, pygments
  • jsonschema — jsonschema, jsonschema-specifications, referencing, attrs, rpds-py
  • pydantic — pydantic, pydantic-core, annotated-types, typing-inspection
  • jinja2 — jinja2, markupsafe
  • docker — docker
  • pyyaml — pyyaml, ruamel-yaml

Groups were derived from the dependency graph in `requirements/reproducible-linux.txt`.

Testing

No code changes — config-only update to dependabot grouping.

@roger-zhangg
chore: add dependency groups to dependabot config
5b1790c 
Group related dependencies together so dependabot updates them
in a single PR instead of individually. This prevents CI failures
caused by incompatible version combinations when dependencies are
updated separately.
@roger-zhangg roger-zhangg requested a review from a team as a code owner March 10, 2026 20:53
@roger-zhangg roger-zhangg added this pull request to the merge queue Mar 10, 2026
Merged via the queue into develop with commit 7ca109f Mar 10, 2026
46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@valerena valerena valerena approved these changes

@tobixlea tobixlea tobixlea approved these changes

Assignees

No one assigned

Labels

pr/internal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@roger-zhangg @valerena @tobixlea