Description
Optimize the Dependabot configuration for better dependency management.
Current state
Dependabot is active but creates individual PRs for each dependency bump, which can be noisy and hard to manage.
Proposal
- Group minor/patch updates into a single weekly PR to reduce noise
- Keep major updates as individual PRs for careful review
- Set a weekly schedule (e.g., Monday) instead of daily
- Add GitHub Actions ecosystem to also keep CI dependencies updated
Example .github/dependabot.yml:
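```yaml
version: 2
updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: weekly
      day: monday
    groups:
      # Minor and patch bumps are combined into one PR;
      # major bumps are not in the group and stay as individual PRs.
      minor-and-patch:
        update-types:
          - minor
          - patch
    open-pull-requests-limit: 10
  # Keep the actions used in CI workflows updated as well.
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
      day: monday
```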
Benefits
- Fewer PRs to review (grouped minor/patch)
- Predictable schedule (weekly on Mondays)
- CI actions also stay updated
- Major bumps still get individual attention
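To make the effect of the `minor-and-patch` group concrete, here is an added sketch (not part of the original proposal and not Dependabot's own code) that models how one weekly run would be split into PRs. It assumes plain `MAJOR.MINOR.PATCH` versions; the package names, versions and PR titles are constructed for illustration.

```python
# Simplified model of the grouping rule in the proposed dependabot.yml.
# Assumption: versions are plain MAJOR.MINOR.PATCH; titles are illustrative only.

GROUPED_TYPES = {"minor", "patch"}  # update-types listed under minor-and-patch


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (optional leading 'v') into a tuple of ints."""
    if text.startswith("v"):
        text = text[1:]
    parts = text.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a plain semver version: {text!r}")
    return tuple(int(p) for p in parts)


def update_type(current, target):
    """Classify a bump as 'major', 'minor' or 'patch'."""
    cur, new = parse_version(current), parse_version(target)
    if new <= cur:
        raise ValueError(f"{target} is not newer than {current}")
    if new[0] != cur[0]:
        return "major"
    if new[1] != cur[1]:
        return "minor"
    return "patch"


def plan_pull_requests(updates, group_name="minor-and-patch"):
    """Return a list of (title, [dependency names]), one entry per PR."""
    grouped, individual = [], []
    for name, current, target in updates:
        if update_type(current, target) in GROUPED_TYPES:
            grouped.append(name)
        else:  # major bumps are outside the group: one PR each
            individual.append((f"bump {name} from {current} to {target}", [name]))
    prs = []
    if grouped:
        prs.append((f"bump the {group_name} group ({len(grouped)} updates)",
                    sorted(grouped)))
    return prs + individual


# Constructed sample of one week's pending npm updates (hypothetical packages).
SAMPLE_UPDATES = [
    ("lib-http", "4.18.2", "4.19.0"),
    ("lib-util", "4.17.20", "4.17.21"),
    ("lib-compiler", "4.9.5", "5.4.0"),
    ("lib-lint", "8.56.0", "8.57.0"),
    ("lib-test", "28.1.3", "29.7.0"),
]
```

With the sample input, five pending bumps become three PRs: one grouped PR for the three minor/patch bumps and one PR for each of the two major bumps.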