Skip to content

chore(deps): group @docusaurus/* prod and dev deps together#554

Merged
steve-calvert-glean merged 1 commit into
mainfrom
fix/dependabot-docusaurus-grouping
May 13, 2026
Merged

chore(deps): group @docusaurus/* prod and dev deps together#554
steve-calvert-glean merged 1 commit into
mainfrom
fix/dependabot-docusaurus-grouping

Conversation

@steve-calvert-glean
Copy link
Copy Markdown
Contributor

@steve-calvert-glean steve-calvert-glean commented May 13, 2026

Summary

  • The `docusaurus` group in `.github/dependabot.yml` had no explicit `dependency-type`, which defaults to production-only per GitHub's dependabot docs.
  • That silently excluded `@docusaurus/*` devDependencies (faster, types, theme-mermaid, module-type-aliases, tsconfig) from the docusaurus group; they fell into the `dev-dependencies` catch-all instead.
  • Result: a recent dependabot PR bumped `@docusaurus/faster` and `@docusaurus/types` to 3.10.1 alongside unrelated dev-dep updates, while production `@docusaurus/*` packages (`core`, `plugin-content-docs`, `theme-classic`, `preset-classic`, etc.) stayed at 3.10.0 — version skew within a tightly-coupled package family.
  • Adding `dependency-type: "production-and-development"` to the docusaurus group fixes this; `exclude-patterns: ["@docusaurus/*"]` on the dev-dependencies group is belt-and-suspenders so the docusaurus group definitely wins.

Test plan

  • Wait for dependabot's next run; confirm any `@docusaurus/*` updates open as a single docusaurus-group PR covering both prod and dev packages.
  • Confirm dev-dependencies-group PRs no longer include `@docusaurus/*` packages.

🤖 Generated with Claude Code

@steve-calvert-glean @claude
chore(deps): group @docusaurus/* prod and dev deps together
0e94137 
The docusaurus group's `dependency-type` defaulted to production-only,
so @docusaurus/* devDependencies (faster, types, theme-mermaid,
module-type-aliases, tsconfig) silently fell into the dev-dependencies
catch-all instead of the docusaurus group. Result: bumps for those
packages landed mixed with unrelated dev-dep updates while production
@docusaurus/* packages waited for their own group PR — version skew.

Add `dependency-type: "production-and-development"` to the docusaurus
group so all @docusaurus/* packages move together, and add
`exclude-patterns: ["@docusaurus/*"]` to the dev-dependencies group as
explicit insurance.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@steve-calvert-glean steve-calvert-glean requested a review from a team as a code owner May 13, 2026 23:46
@vercel
Copy link
Copy Markdown

vercel Bot commented May 13, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
glean-developer-site Ready Ready Preview, Comment May 13, 2026 11:47pm

Request Review

@steve-calvert-glean steve-calvert-glean mentioned this pull request May 13, 2026
Closed
@steve-calvert-glean steve-calvert-glean merged commit a37b975 into main May 13, 2026
3 of 4 checks passed
@steve-calvert-glean steve-calvert-glean deleted the fix/dependabot-docusaurus-grouping branch May 13, 2026 23:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@travis-hoover-glean travis-hoover-glean travis-hoover-glean approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@steve-calvert-glean @travis-hoover-glean