Add dependabot groups for npm dependencies#23396
Merged
Merged
Conversation
Splits the broad `@angular*` pattern into specific groups: `@angular/*`, `@angular-devkit/*`, and `@angular-builders/*` for core Angular, plus a new `angular-eslint` group for `@angular-eslint/*` and `angular-eslint`. Adds major-version ignore rules for each new pattern.
Excludes @hotwired/stimulus which is versioned independently from Turbo.
myabc
added
dependencies
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates Dependabot’s npm configuration to reduce update noise by grouping related frontend dependencies (especially Angular and linting/testing ecosystems) so they are bumped together in fewer PRs.
Changes:
- Refines the Angular grouping by splitting
@angular*into separate@angular/*,@angular-devkit/*, and@angular-builders/*groups, plus a newangular-eslintgroup. - Adds new Dependabot groups for common dependency families (eslint, hotwired, jquery, mantine, testing-library, typescript-eslint, uirouter, vitest).
- Adjusts Angular ecosystem ignore rules to ignore semver-major updates per package family rather than a single broad
@angular*rule.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ticket
N/A
What are you trying to accomplish?
Reduce dependabot PR noise by grouping tightly-coupled npm dependencies so they bump together in a single PR instead of individually.
What approach did you choose and why?
Split the broad
@angular*pattern into specific groups (@angular/*,@angular-devkit/*,@angular-builders/*) and added a separateangular-eslintgroup. Then added groups for other dependency families that share a monorepo or must stay in sync:eslint,eslint-plugin-*,@eslint/*,@stylistic/eslint-plugin,globals@hotwired/turbo,@hotwired/turbo-rails(stimulus excluded — versioned independently)jquery,jquery-migrate@mantine/*@testing-library/*typescript-eslint,@typescript-eslint/*@uirouter/*vitest,@vitest/*Major-version ignore rules added only for Angular ecosystem packages (consistent with existing Primer ignores).