Copilot AI commented Jan 3, 2026

Consolidates dependency updates from 16 passing Dependabot PRs to reduce CI costs. Each PR is cherry-picked as a clean individual commit to allow individual revert capability after rebase landing.

Status

Complete: Successfully cherry-picked 16 passing PRs with clean commits.

PRs Included (16)

Docker Images:

Go Modules:

Python:

JavaScript:

Excluded

Approach

  1. User labeled passing PRs with pick-me label (17 total)
  2. Cherry-picked commits cleanly (16 succeeded, 1 skipped due to conflict)
  3. Applied conflicting package.json PRs in reverse order to avoid conflicts
  4. Each commit is clean and can be reverted individually after rebase landing

Validation

  • ✅ Code review passed
  • ✅ Security scan clean
  • ✅ 16 clean commits (one per PR, no merge commits)
  • ✅ All picks can be reverted individually if needed
Original prompt

this repo has many pending dependabot prs - some are failing, some are passing

ci is expensive - so rather than landing all the passing ones individually i want you to create a merge queue pr that picks the commits from all the passing dependabot prs

it's absolutely ESSENTIAL you DO NOT pick the commits from any of the failing prs



Copilot AI changed the title from "[WIP] Create a merge queue PR for passing dependabot commits" to "Merge queue: Consolidate passing Dependabot PRs" Jan 3, 2026
Copilot AI requested a review from phlax January 3, 2026 12:36
phlax commented Jan 3, 2026

@copilot I've labelled the passing ones with pick-me

note: if any touch the same file then you should apply in reverse order from their affected line nos - this generally avoids conflicts


Copilot AI commented Jan 3, 2026

> @copilot I've labelled the passing ones with pick-me
>
> note: if any touch the same file then you should apply in reverse order from their affected line nos - this generally avoids conflicts

Done! Cherry-picked 16 of the 17 pick-me PRs in clean commits (commit 3428c4d).

Skipped #933 (actions/checkout) for the 2nd pass since it conflicts with recent bind-mounts changes.

All package.json PRs (#898, #900, #905, #911) applied cleanly in reverse order as you suggested - git handled the merges automatically without conflicts.
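
The reverse-order rule from the note above, as an added example (not code from this PR or repository): it reads each PR's unified diff, finds the lowest old-side hunk start per file, and orders the picks so that within a shared file the highest line goes first. The PR ids, paths and line numbers are constructed sample input.

```python
import re
from collections import defaultdict
from graphlib import CycleError, TopologicalSorter

HUNK = re.compile(r"^@@ -(\d+)(?:,\d+)? \+\d+(?:,\d+)? @@")

def touched(diff):
    """Map each file in a unified diff to its lowest old-side hunk start line."""
    files, path = {}, None
    for line in diff.splitlines():
        if line.startswith("+++ b/"):
            path = line[len("+++ b/"):]
        elif path and (m := HUNK.match(line)):
            start = int(m.group(1))
            files[path] = min(files.get(path, start), start)
    return files

def pick_order(diffs):
    """Order PR ids so that, within any shared file, the highest line is applied first."""
    by_file = defaultdict(list)
    for pr, diff in diffs.items():
        for path, line in touched(diff).items():
            by_file[path].append((line, pr))
    graph = TopologicalSorter({pr: () for pr in diffs})
    for edits in by_file.values():
        edits.sort(reverse=True)
        for (_, first), (_, then) in zip(edits, edits[1:]):
            graph.add(then, first)  # 'then' may only be picked after 'first'
    try:
        return list(graph.static_order())
    except CycleError as exc:
        # Two PRs share two files in opposite line order: the rule cannot hold for both.
        raise ValueError(f"no single order satisfies the rule: {exc.args[1]}")

def _diff(path, line):
    """Constructed one-hunk diff touching `path` at `line` (sample input only)."""
    return f"--- a/{path}\n+++ b/{path}\n@@ -{line},3 +{line},3 @@\n-old\n+new\n"

# Constructed sample: three PRs edit package.json, one edits an unrelated file.
SAMPLE = {
    101: _diff("package.json", 20),
    102: _diff("package.json", 8),
    103: _diff("package.json", 41),
    104: _diff("Dockerfile", 1),
}

if __name__ == "__main__":
    print(pick_order(SAMPLE))
```
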

dependabot bot added 16 commits January 3, 2026 12:49
Bumps otel/opentelemetry-collector from 0.138.0 to 0.140.0.

---
updated-dependencies:
- dependency-name: otel/opentelemetry-collector
  dependency-version: 0.140.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps redis from 8.2.2 to 8.4.0.

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…y with 2 updates

Bumps the examples-load-reporting group with 2 updates in the /load-reporting-service directory: [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/envoyproxy/go-control-plane/envoy` from 1.35.0 to 1.36.0
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0)

Updates `google.golang.org/grpc` from 1.76.0 to 1.77.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.76.0...v1.77.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: examples-load-reporting
- dependency-name: google.golang.org/grpc
  dependency-version: 1.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: examples-load-reporting
...

Signed-off-by: dependabot[bot] <support@github.com>
…h 2 updates

Bumps the examples-ext-authz group with 2 updates in the /ext_authz/auth/grpc-service directory: [github.com/envoyproxy/go-control-plane/envoy](https://github.com/envoyproxy/go-control-plane) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `github.com/envoyproxy/go-control-plane/envoy` from 1.35.0 to 1.36.0
- [Release notes](https://github.com/envoyproxy/go-control-plane/releases)
- [Changelog](https://github.com/envoyproxy/go-control-plane/blob/main/CHANGELOG.md)
- [Commits](envoyproxy/go-control-plane@envoy/v1.35.0...envoy/v1.36.0)

Updates `google.golang.org/grpc` from 1.76.0 to 1.77.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.76.0...v1.77.0)

---
updated-dependencies:
- dependency-name: github.com/envoyproxy/go-control-plane/envoy
  dependency-version: 1.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: examples-ext-authz
- dependency-name: google.golang.org/grpc
  dependency-version: 1.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: examples-ext-authz
...

Signed-off-by: dependabot[bot] <support@github.com>
…ith 2 updates

Bumps the examples-grpc-bridge group with 2 updates in the /grpc-bridge/server directory: [golang.org/x/net](https://github.com/golang/net) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).


Updates `golang.org/x/net` from 0.46.0 to 0.47.0
- [Commits](golang/net@v0.46.0...v0.47.0)

Updates `google.golang.org/grpc` from 1.76.0 to 1.77.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.76.0...v1.77.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: examples-grpc-bridge
- dependency-name: google.golang.org/grpc
  dependency-version: 1.77.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: examples-grpc-bridge
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps node from 25.0-bookworm-slim to 25.2-bookworm-slim.

---
updated-dependencies:
- dependency-name: node
  dependency-version: 25.2-bookworm-slim
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps apache/skywalking-oap-server from 10.2.0 to 10.3.0.

---
updated-dependencies:
- dependency-name: apache/skywalking-oap-server
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps golang from 1.25.3-bookworm to 1.25.4-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.4-bookworm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-workflows
...

Signed-off-by: dependabot[bot] <support@github.com>
---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: examples-shared-python
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the examples-local-ratelimit group in /local_ratelimit with 1 update: nginx.


Updates `nginx` from `029d446` to `b619c34`

---
updated-dependencies:
- dependency-name: nginx
  dependency-version: b619c34a163ac12f68c1982568a122c4953dbf3126b8dbf0cc2f6fdbfd85de27
  dependency-type: direct:production
  dependency-group: examples-local-ratelimit
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the examples-ext-authz group in /ext_authz with 1 update: openpolicyagent/opa.


Updates `openpolicyagent/opa` from 1.9.0-envoy-5-static to 1.9.0-envoy-6-static

---
updated-dependencies:
- dependency-name: openpolicyagent/opa
  dependency-version: 1.9.0-envoy-6-static
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: examples-ext-authz
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/HEAD/packages/eslint-plugin-react-hooks)

---
updated-dependencies:
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 7.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 5.0.4 to 5.1.0.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.1.0/packages/plugin-react)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 7.9.4 to 7.9.5.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.9.5/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router-dom
  dependency-version: 7.9.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@chakra-ui/react](https://github.com/chakra-ui/chakra-ui/tree/HEAD/packages/react) from 3.28.0 to 3.28.1.
- [Release notes](https://github.com/chakra-ui/chakra-ui/releases)
- [Changelog](https://github.com/chakra-ui/chakra-ui/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/chakra-ui/chakra-ui/commits/@chakra-ui/react@3.28.1/packages/react)

---
updated-dependencies:
- dependency-name: "@chakra-ui/react"
  dependency-version: 3.28.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
phlax force-pushed the copilot/create-merge-queue-pr branch from 3428c4d to 47f63d8 January 3, 2026 12:49
Copilot AI changed the title from "Merge queue: Consolidate passing Dependabot PRs" to "Merge queue: Consolidate 16 passing Dependabot PRs" Jan 3, 2026
phlax force-pushed the copilot/create-merge-queue-pr branch from 1a33aee to 47f63d8 January 3, 2026 13:03
phlax marked this pull request as ready for review January 3, 2026 13:14
phlax merged commit 1cbf11e into main Jan 3, 2026
9 checks passed