Skip to content

chore: consolidate Dependabot update workflow#35

Open
codethor0 wants to merge 1 commit into
mainfrom
chore/dependabot-consolidation
Open

chore: consolidate Dependabot update workflow#35
codethor0 wants to merge 1 commit into
mainfrom
chore/dependabot-consolidation

Conversation

@codethor0

Copy link
Copy Markdown
Owner

Summary

Reduce Dependabot branch proliferation after twelve concurrent PRs accumulated post-v0.1.1.

Problem

Dependabot opened separate PRs for each ecosystem bump because:

  • GitHub Actions had no grouping configured
  • open-pull-requests-limit allowed up to five pip/npm PRs simultaneously
  • Major upgrades were not separated from routine minor/patch work

Changes

  • Reduce pip and frontend npm limits from 5 to 2 open PRs
  • Reduce extension npm limit from 3 to 2
  • Reduce github-actions limit from 3 to 1
  • Add a github-actions group so workflow action bumps arrive in one PR

Steady-state target

Security

Dependabot security updates remain enabled (default). This configuration does not disable security alerts or security PRs.

Related cleanup

Test plan

  • YAML is valid
  • Maintainer review and merge through protected branch process

Group GitHub Actions bumps and lower open PR limits so routine dependency updates stay manageable after the v0.1.1 release.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant