Skip to content

chore(dependabot): update dependency grouping#2895

Closed
CorieW wants to merge 3 commits into
masterfrom
next
Closed

chore(dependabot): update dependency grouping#2895
CorieW wants to merge 3 commits into
masterfrom
next

Conversation

@CorieW

@CorieW CorieW commented Jun 25, 2026

Copy link
Copy Markdown
Member

Summary

  • Adds Dependabot cooldown settings for npm updates.
  • Splits grouped npm updates into version updates and security updates.
  • Keeps semver-major version updates ignored outside security update grouping.

Test plan

  • Verified next vs origin/master only changes .github/dependabot.yml.
  • Confirmed no extension code or runtime dependency changes require changelog/version bumps.

Made with Cursor

CorieW and others added 3 commits June 1, 2026 10:28
@CorieW
chore(dependabot): group security & supply chain attack hardening (#2850
51d1239 
)

* chore(deps): group security

* chore(deps): rename dependency group for minor and patch updates

* chore(deps): rename security updates group in dependabot configuration

* chore(deps): add cooldown settings for Dependabot updates
@inlined
Merge pull request #2890 from firebase/master
3c04e6e 
I seem to have merged into the wrong branch
@CorieW
Merge pull request #2893 from firebase/master
43e4b6c 
sync next with master
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 25, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the Dependabot configuration file to restructure update groups and add a security updates group. However, it introduces an unsupported cooldown configuration block that will cause Dependabot parsing to fail and should be removed.

Comment thread .github/dependabot.yml
Comment on lines +9 to +14
cooldown:
default-days: 7
semver-major-days: 7
semver-minor-days: 7
semver-patch-days: 7

@gemini-code-assist gemini-code-assist Bot Jun 25, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The cooldown configuration option is not supported by GitHub Dependabot. Including this unsupported key will cause Dependabot to fail to parse the configuration file, preventing any dependency updates from running. You should remove this block.

@CorieW CorieW closed this Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer
@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CorieW @cabljac @inlined