Skip to content

chore: configure Dependabot schedule and grouping #756

@mostronatorcoder

Description

@mostronatorcoder

Description

Optimize the Dependabot configuration for better dependency management.

Current state

Dependabot is active but creates individual PRs for each dependency bump, which can be noisy and hard to manage.

Proposal

  1. Group minor/patch updates into a single weekly PR to reduce noise
  2. Keep major updates as individual PRs for careful review
  3. Set a weekly schedule (e.g., Monday) instead of daily
  4. Add GitHub Actions ecosystem to also keep CI dependencies updated

Example .github/dependabot.yml:

version: 2
updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: weekly
      day: monday
    groups:
      minor-and-patch:
        update-types:
          - minor
          - patch
    open-pull-requests-limit: 10

  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
      day: monday

Benefits

  • Fewer PRs to review (grouped minor/patch)
  • Predictable schedule (weekly on Mondays)
  • CI actions also stay updated
  • Major bumps still get individual attention

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions