Skip to content

ci: consolidate Dependabot config to stop mass PR openings#142

Merged
BENZOOgataga merged 4 commits intomainfrom
copilot/remove-dependabot-alerts
Mar 9, 2026
Merged

ci: consolidate Dependabot config to stop mass PR openings#142
BENZOOgataga merged 4 commits intomainfrom
copilot/remove-dependabot-alerts

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 9, 2026
edited
Loading

  • Consolidate dependabot.yml: removed 7 per-directory npm entries, single root-level entry with groups
  • Set open-pull-requests-limit to 1 and schedule to monthly for both ecosystems
  • Add release note for the configuration change
  • Fix release note to use correct YAML front matter format with --- delimiters

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@BENZOOgataga
ci: consolidate dependabot config to prevent mass PR openings
a322765 
Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
Copilot AI changed the title [WIP] Remove Dependabot alerts and mass pull requests ci: consolidate Dependabot config to stop mass PR openings Mar 9, 2026
@BENZOOgataga
Copy link
Copy Markdown
Member

BENZOOgataga commented Mar 9, 2026

@copilot modify pull request limit to 1 every month

@BENZOOgataga
ci: set dependabot to monthly schedule with limit of 1 PR
d4a992b 
Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Mar 9, 2026

@copilot modify pull request limit to 1 every month

Done in d4a992b — both ecosystems (npm and github-actions) are now set to interval: "monthly" with open-pull-requests-limit: 1.

@BENZOOgataga BENZOOgataga marked this pull request as ready for review March 9, 2026 10:41
@BENZOOgataga BENZOOgataga self-requested a review as a code owner March 9, 2026 10:41
Copilot AI review requested due to automatic review settings March 9, 2026 10:41
greptile-apps[bot]

This comment was marked as off-topic.

Sign in to view

Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR consolidates the Dependabot configuration to reduce the volume of dependency update PRs from up to 70 per weekly run to at most 2 per month (one for npm, one for GitHub Actions).

Changes:

  • Removed 6 redundant per-directory npm ecosystem entries, keeping a single root-level entry that leverages pnpm workspace traversal
  • Added groups with wildcard patterns to both npm and github-actions entries, batching all updates into a single PR per ecosystem
  • Changed schedule from weekly to monthly and reduced open-pull-requests-limit to 1 for both ecosystems

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.github/dependabot.yml Consolidated 7 npm entries into 1 root entry, added grouping, changed to monthly schedule with limit of 1 PR per ecosystem
.releases/unreleased/20260309103504-consolidate-dependabot-config.md Added release note for the configuration change

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.releases/unreleased/20260309103504-consolidate-dependabot-config.md
Comment on lines +1 to +3
type: patch
area: ci
summary: Consolidate Dependabot config to a single grouped npm entry to prevent mass PR openings
Copy link

Copilot AI Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The release note file uses a different format from the existing release notes. The other files in .releases/unreleased/ use YAML front matter with --- delimiters (e.g., ---\ntype: patch\narea: ci\nsummary: ...\n---), but this file omits the --- delimiters entirely. This will likely break any tooling that parses these files expecting YAML front matter format.

Copilot uses AI. Check for mistakes.
@BENZOOgataga
Copy link
Copy Markdown
Member

BENZOOgataga commented Mar 9, 2026

@copilot apply changes based on the comments in this thread

@BENZOOgataga
fix: add missing YAML front matter delimiters to release note
e755f23 
Co-authored-by: BENZOOgataga <50145143+BENZOOgataga@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Mar 9, 2026

@copilot apply changes based on the comments in this thread

Fixed in e755f23 — added the missing --- delimiters so the release note now uses the correct YAML front matter format.

@BENZOOgataga BENZOOgataga merged commit 9f1ef60 into main Mar 9, 2026
12 checks passed
@BENZOOgataga BENZOOgataga deleted the copilot/remove-dependabot-alerts branch March 9, 2026 11:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BENZOOgataga BENZOOgataga Awaiting requested review from BENZOOgataga BENZOOgataga is a code owner

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@BENZOOgataga BENZOOgataga

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@BENZOOgataga