Skip to content

chore: optimize Dependabot configuration with dependency grouping and PR limits#2447

Merged
danielaskdd merged 3 commits intoHKUDS:mainfrom
danielaskdd:dependabot
Dec 1, 2025
Merged

chore: optimize Dependabot configuration with dependency grouping and PR limits#2447
danielaskdd merged 3 commits intoHKUDS:mainfrom
danielaskdd:dependabot

Conversation

@danielaskdd
Copy link
Collaborator

@danielaskdd danielaskdd commented Dec 1, 2025

chore: optimize Dependabot configuration with dependency grouping and PR limits

Summary

Improve Dependabot configuration to reduce PR noise and better organize dependency updates across all ecosystems (GitHub Actions, pip, and bun).

Changes

  • Add dependency grouping to consolidate related updates into single PRs:

    • pip: 6 groups (llm-providers, storage, data-processing, web-framework, dev-tools, python-minor-patch)
    • bun: 5 groups (react, ui-components, graph-viz, build-tools, frontend-minor-patch)
    • GitHub Actions: All actions grouped together

  • Add PR limits to prevent excessive open PRs:

    • GitHub Actions: 5
    • pip/bun: 10 each

  • Add labels for better PR organization and automation:

    • dependencies + github-actions for Actions updates
    • dependencies + python for pip updates
    • dependencies + frontend for bun updates

  • Disable numpy updates via ignore rule (potential breaking changes)

  • Retain cooldown settings for version-based update intervals

Impact

  • Reduces the number of Dependabot PRs from potentially dozens to a manageable few
  • Makes it easier to filter and batch-review dependency updates by category
  • Supports CI/CD automation via consistent labeling

@danielaskdd
Update GitHub Actions to use latest versions (v6)
ecef842
@danielaskdd
Configure comprehensive Dependabot for Python and frontend dependencies
0f19f80 
- Add pip ecosystem with grouping
- Add bun ecosystem for webui
- Set weekly update schedule
- Configure cooldown periods
- Ignore numpy breaking changes
@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Dec 1, 2025

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@danielaskdd
Copy link
Collaborator Author

danielaskdd commented Dec 1, 2025

@codex review

@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Dec 1, 2025

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@danielaskdd danielaskdd mentioned this pull request Dec 1, 2025
Merged
4 tasks
@danielaskdd
Enable numpy updates in dependabot configuration
f93bda5 
- Re-enable numpy in data-processing group
- Remove numpy from ignore list
- Allow minor and patch updates
- Remove breaking change comment
@danielaskdd danielaskdd merged commit b2f1de4 into HKUDS:main Dec 1, 2025
7 checks passed
@danielaskdd danielaskdd deleted the dependabot branch December 1, 2025 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@danielaskdd