Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: group dependabot updates #1682

Merged
merged 3 commits into from
Nov 28, 2024
Merged

fix: group dependabot updates #1682

merged 3 commits into from
Nov 28, 2024

Conversation

@SgtPooki SgtPooki self-assigned this Nov 19, 2024
@SgtPooki SgtPooki requested a review from achingbrain November 19, 2024 17:16
@SgtPooki SgtPooki changed the title chore: group dependabot updates fix: group dependabot updates Nov 20, 2024
SgtPooki added a commit to ipfs/service-worker-gateway that referenced this pull request Nov 22, 2024
SgtPooki added a commit to ipfs/service-worker-gateway that referenced this pull request Nov 22, 2024
@achingbrain achingbrain merged commit b1fee41 into main Nov 28, 2024
2 checks passed
@achingbrain achingbrain deleted the SgtPooki-patch-1 branch November 28, 2024 11:29
github-actions bot pushed a commit that referenced this pull request Nov 28, 2024
## [45.0.5](v45.0.4...v45.0.5) (2024-11-28)

### Bug Fixes

* add gh actions to dependabot ([41a4cc2](41a4cc2))
* group dependabot updates ([#1682](#1682)) ([b1fee41](b1fee41))
* use chore for dev deps ([263bc50](263bc50))
Copy link

🎉 This PR is included in version 45.0.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

@achingbrain
Copy link
Member

This may not be behaving in the desired fashion. See these two dependabot PRs for the same dep in the same file opened at the same time with different titles:

@SgtPooki
Copy link
Member Author

SgtPooki commented Dec 2, 2024

@achingbrain interesting.. I think thats due to the "/" being included along with directories of actual packages in a monorepo...

Looking back at the documentation it seems like this is a bug with github's grouping and that it should be only opening a single, ungrouped, PR

If a dependency doesn't belong to any group, Dependabot will continue to raise single pull requests to update the dependency to its latest version as normal. GitHub reports in the logs if a group is empty. For more information, see "Dependabot fails to group a set of dependencies into a single pull request."

- https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants