chore(deps): consolidate Dependabot PRs #34-53 + widen grouping #57
Merged
npm (lockfile + catalog): tanstack, @tauri-apps/*, turbo 2.9.x, biome, vite, @vitejs/plugin-react, vitest+coverage-v8 4.1.8 (lockstep), @playwright/test, and jsdom 26->29 (major). cargo: tauri 2.11.2, tauri-plugin-http 2.5.9, tauri-build 2.6.2, serde_json. github-actions: docker setup-qemu v4, setup-buildx v4, build-push v7. Validated: make ci-web, cargo-check, actionlint.
Collapse minor+patch bumps into one PR per ecosystem (npm/cargo) with majors in their own grouped PR; add a github-actions group so action bumps batch instead of one PR each. Replaces the many narrow per-family groups.
This was referenced Jun 2, 2026
Closed
Summary
Consolidates the open Dependabot PRs #34–53 into one validated branch, and widens the Dependabot grouping so future bumps arrive as ~a handful of PRs instead of 20.
Dependency bumps (supersedes #34–53)
- npm (lockfile + pnpm-workspace.yaml catalog): TanStack family, @tauri-apps/*, turbo, Biome, Vite, @vitejs/plugin-react, @playwright/test, and vitest + @vitest/coverage-v8 → 4.1.8 (kept in lockstep), plus jsdom 26 → 29 (major). Root dev-dep floors (commitlint, semantic-release plugins, turbo) aligned with the lock.
- cargo (Cargo.lock): tauri 2.11.2, tauri-plugin-http 2.5.9, tauri-build 2.6.2, serde_json, + transitive in-range updates.
- github-actions (docker-publish.yml): docker/setup-qemu-action v3→v4, docker/setup-buildx-action v3→v4, docker/build-push-action v6→v7.

Conflicts resolved by keeping the newer of each duplicate: tauri 2.11.2 (#34 over #45's 2.11.1), turbo 2.9.16 (#39 over #47's 2.9.14).
Validation (local)
- make ci-web — lint + typecheck + test (exercises the jsdom 29 major) + build: all pass.
- pnpm --filter @openconcho/desktop cargo-check — compiles tauri 2.11.2 + plugins: Finished.
- actionlint .github/workflows/docker-publish.yml — clean.
- pnpm install --frozen-lockfile — lock consistent with manifests.

Dependabot grouping change
Replaces the many narrow per-family groups with: one minor+patch group per ecosystem (npm, cargo) + a separate major group per ecosystem for individual scrutiny, and adds a github-actions group (was ungrouped → one PR per action). Result: minor/patch bumps batch into a single weekly PR per ecosystem.
Closing
Supersedes #34, #35, #36, #37, #39, #45, #47, #50, #51, #52, #53 — closing those with a pointer here. The only residual unverified-locally change is the docker-action majors (they run only in the publish workflow); they're actionlint-clean and standard API-compatible bumps.
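
The grouping described under "Dependabot grouping change", sketched as a `.github/dependabot.yml`. This is an added example, not the file from this pull request: the group names and the `directory` values are assumptions, and only the weekly cadence, the three ecosystems, and the minor+patch / major split come from the description above.

```yaml
# Added illustration; not the repository's actual .github/dependabot.yml.
# Group names and directory values are assumptions for this sketch.
version: 2
updates:
  - package-ecosystem: "npm"            # Dependabot's ecosystem name for pnpm workspaces too
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      npm-minor-patch:                  # everything low-risk lands in one PR
        patterns: ["*"]
        update-types: ["minor", "patch"]
      npm-major:                        # majors batched separately for individual scrutiny
        patterns: ["*"]
        update-types: ["major"]

  - package-ecosystem: "cargo"
    directory: "/"                      # placeholder: point at the directory holding Cargo.toml
    schedule:
      interval: "weekly"
    groups:
      cargo-minor-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]
      cargo-major:
        patterns: ["*"]
        update-types: ["major"]

  - package-ecosystem: "github-actions"
    directory: "/"                      # "/" makes Dependabot scan .github/workflows
    schedule:
      interval: "weekly"
    groups:
      github-actions:                   # previously ungrouped: one PR per action
        patterns: ["*"]
```

Keeping majors out of the minor+patch group means a breaking bump such as jsdom 26 → 29 or an action's v3 → v4 cannot ride along unreviewed inside a routine batch.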