Skip to content

chore: configure dependabot to group dependency updates#450

Merged
kevinchappell merged 1 commit into
mainfrom
feat/group-dependabot-updates
May 16, 2026
Merged

chore: configure dependabot to group dependency updates#450
kevinchappell merged 1 commit into
mainfrom
feat/group-dependabot-updates

Conversation

@kevinchappell
Copy link
Copy Markdown
Collaborator

@kevinchappell kevinchappell commented May 16, 2026

Problem

Dependabot PRs arrive one at a time per package, creating PR noise and merge overhead.

Solution

Added .github/dependabot.yml with grouped updates:

  • npm dependencies (both dependencies and devDependencies): grouped into one PR per day
  • GitHub Actions: grouped into one PR per week (Mondays)

Details

  • Uses open-pull-requests-limit: 1 per ecosystem to cap queue depth
  • Schedule set to 6:00 AM Central (America/Chicago timezone)
  • All packages matched via patterns: ["*"] in a single group

@kevinchappell
chore: configure dependabot to group dependency updates
96ba34e 
Add dependabot.yml to group all npm dependency updates into a single
daily PR and all GitHub Actions updates into a single weekly PR.

Previously dependabot PRs came one at a time per package. Now all npm
updates are batched into one PR per day, and action updates into one
PR per week, reducing PR noise and merge overhead.
Copilot AI review requested due to automatic review settings May 16, 2026 04:48
Copilot AI reviewed May 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Dependabot configuration to reduce dependency-update PR noise by grouping updates per ecosystem on a predictable schedule.

Changes:

  • Introduces .github/dependabot.yml with grouped npm dependency updates into a single daily PR.
  • Introduces grouped GitHub Actions updates into a single weekly PR (Mondays).
  • Caps queued PRs per ecosystem via open-pull-requests-limit: 1 and sets the schedule to 06:00 America/Chicago.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kevinchappell kevinchappell merged commit 5551dc1 into main May 16, 2026
3 checks passed
@kevinchappell kevinchappell deleted the feat/group-dependabot-updates branch May 16, 2026 05:39
@kevinchappell
Copy link
Copy Markdown
Collaborator Author

kevinchappell commented May 16, 2026

🎉 This PR is included in version 5.0.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinchappell