Skip to content

[dependabot] Ignore all npm major version updates#4082

Merged
imnasnainaec merged 1 commit intomasterfrom
dependabot-yml-npm-ignore-major
Jan 8, 2026
Merged

[dependabot] Ignore all npm major version updates#4082
imnasnainaec merged 1 commit intomasterfrom
dependabot-yml-npm-ignore-major

Conversation

@imnasnainaec
Copy link
Collaborator

@imnasnainaec imnasnainaec commented Jan 8, 2026

All four reviewers of #4081 (2 people, 2 bots) missed an invalid configuration, which failed when it was merged into master: https://github.com/sillsdev/TheCombine/runs/59809907546

Dependabot encountered the following error when parsing your .github/dependabot.yml:
Update configs must have a unique combination of 'package-ecosystem', 'directory', and 'target-branch'. Ecosystem 'npm' has overlapping directories.

Rather than reverting, this pr has dependabot ignore all major dep updates in the frontend. Most should be handled manually anyway.


This change is Reviewable

Summary by CodeRabbit

  • Chores
    • Simplified dependency update automation by consolidating npm configuration to focus on minor and patch version updates.

✏️ Tip: You can customize this high-level summary in your review settings.

@imnasnainaec imnasnainaec self-assigned this Jan 8, 2026
@imnasnainaec imnasnainaec added bug Something isn't working 🟥High High-priority PR: please review this asap! labels Jan 8, 2026
@github-actions github-actions bot added the github_actions Pull requests that update GitHub Actions code label Jan 8, 2026
@coderabbitai
Copy link

coderabbitai bot commented Jan 8, 2026

📝 Walkthrough

Walkthrough

Removed the separate dependabot configuration block for npm major version updates that was scheduled at a semiannual cadence. The npm minor and patch update block remains unchanged, with no public-facing signature modifications.

Changes

Cohort / File(s) Summary
Dependabot Configuration
​.github/dependabot.yml
Removed the dedicated npm major updates block (18 lines), consolidating dependency management to only the minor/patch update configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • #4081 — Modifies npm major updates handling in dependabot.yml configuration with complementary changes to version update scheduling.

Suggested labels

github_actions, 🟨Medium

Suggested reviewers

  • jasonleenaylor

Poem

🐰 A block of rules, removed with care,
No more majors floating there!
Minor patches carry on,
Simpler config, sleek and strong! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: removing the separate major-version dependabot block for npm, which effectively ignores major npm updates.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.57%. Comparing base (31681d1) to head (7915394).
⚠️ Report is 37 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4082   +/-   ##
=======================================
  Coverage   74.57%   74.57%           
=======================================
  Files         295      295           
  Lines       10938    10938           
  Branches     1372     1372           
=======================================
  Hits         8157     8157           
  Misses       2385     2385           
  Partials      396      396           
Flag Coverage Δ
backend 85.59% <ø> (ø)
frontend 66.02% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Copy link
Contributor

@jasonleenaylor jasonleenaylor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

@jasonleenaylor reviewed 1 file and all commit messages, and made 1 comment.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on @imnasnainaec).

@imnasnainaec imnasnainaec merged commit 6f665a9 into master Jan 8, 2026
20 of 21 checks passed
@imnasnainaec imnasnainaec deleted the dependabot-yml-npm-ignore-major branch January 8, 2026 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working github_actions Pull requests that update GitHub Actions code 🟥High High-priority PR: please review this asap!

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants