Update Dependabot config to group security-related changes by NPM manifest #39

Merged
pawiecz merged 1 commit into main from update-locks-and-dependabot-config
Apr 16, 2026

pawiecz commented Feb 10, 2026

Context & Requests for Reviewers

This change doesn't introduce functional changes - its goal is to simplify Dependabot automatic updates.

Fixes: #10

@pawiecz pawiecz self-assigned this Feb 10, 2026
@pawiecz pawiecz force-pushed the update-locks-and-dependabot-config branch from 2bb187e to 5be9adc Compare April 2, 2026 16:42
This patch breaks the DRY principle and doesn't use YAML aliases because
they are not supported by Dependabot [0].

[0] dependabot/dependabot-core#1582
@pawiecz pawiecz force-pushed the update-locks-and-dependabot-config branch from 5be9adc to 86d5dd7 Compare April 14, 2026 10:46

pawiecz commented Apr 14, 2026

This PR groups security updates per NPM manifest so that there's a single Dependabot-version-bumps group instead of a PR for each updated dependency.

@pawiecz pawiecz marked this pull request as ready for review April 14, 2026 10:59
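
A Dependabot configuration of the kind described in the comment above, as an added example that is not part of the PR or the repository's own file. The directories, schedule and group names are assumptions; the `groups` block is repeated in each entry because, per the commit message, YAML aliases are not supported by Dependabot.

```yaml
# .github/dependabot.yml
# Constructed example: directories, schedule and group names are hypothetical.
version: 2
updates:
  # One entry per NPM manifest. Each entry carries its own full copy of the
  # groups block; per the commit message, anchors/aliases cannot be used
  # to share it between entries.
  - package-ecosystem: "npm"
    directory: "/"                     # hypothetical: root package.json
    schedule:
      interval: "weekly"
    groups:
      root-security:
        applies-to: security-updates   # group security fixes for this manifest
        patterns:
          - "*"                        # every dependency in this manifest

  - package-ecosystem: "npm"
    directory: "/frontend"             # hypothetical: second package.json
    schedule:
      interval: "weekly"
    groups:
      frontend-security:
        applies-to: security-updates
        patterns:
          - "*"
```

A group without `applies-to` covers version updates only, so omitting that key would leave security fixes arriving as one PR per dependency.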

pawiecz commented Apr 14, 2026

Please also note that this PR should probably go after the Kysely update (#214) and maybe even the Sequelize removal, in order not to create noise in the PR queue.

@pawiecz pawiecz changed the title from "Update locks and dependabot config" to "Update Dependabot config to group security-related changes by NPM manifest" Apr 14, 2026

@juanmrad juanmrad left a comment

👍


pawiecz commented Apr 14, 2026

Thanks @juanmrad for your approval!

Please let me know if you're fine with me merging this PR after #214 lands in main or if a little noise is fine and I should hit the merge button right away.

@juanmrad

Let's merge after.

@pawiecz pawiecz merged commit 0b8a76c into main Apr 16, 2026
11 checks passed
@pawiecz pawiecz deleted the update-locks-and-dependabot-config branch April 16, 2026 18:37