Enable Dependabot for packages directory with weekly grouped updates #11250
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
|
create-cloudflare
@cloudflare/kv-asset-handler
miniflare
@cloudflare/pages-shared
@cloudflare/unenv-preset
@cloudflare/vite-plugin
@cloudflare/vitest-pool-workers
@cloudflare/workers-editor-shared
@cloudflare/workers-utils
wrangler
commit: |
- Remove invalid changeset that included private packages - Change directory from '/packages' to '/' for proper workspace support - Add open-pull-requests-limit: 1 to ensure single PR per week Co-Authored-By: [email protected] <[email protected]>
petebacondarwin
commented
Nov 12, 2025
.github/dependabot.yml
Outdated
| allow: | ||
| - dependency-name: "workerd" | ||
| - dependency-name: "@cloudflare/workers-types" | ||
| # Check for dependency updates in packages directory |
Contributor
Author
There was a problem hiding this comment.
this comment is now out of date
- Add ignore filters for workerd and @cloudflare/workers-types to the weekly dependency update entry - Update comment to clarify this entry excludes workerd & workers-types - This resolves the 'overlapping directories' error by making the two npm entries non-overlapping Co-Authored-By: [email protected] <[email protected]>
Dependabot does not allow two npm update entries with the same directory and target-branch, regardless of allow/ignore filters. The uniqueness constraint only considers (package-ecosystem, directory, target-branch). Removing the weekly entry to resolve the overlapping directories error. Will discuss alternative approaches with maintainers. Co-Authored-By: [email protected] <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Devin PR requested by [email protected]
This PR configures Dependabot to automatically check for dependency updates in the packages directory, grouping all updates into a single PR that runs weekly on Sundays at 6am.
Changes
Added a new Dependabot configuration entry to
.github/dependabot.ymlthat:/packagesdirectory for npm dependency updatespackages-dependenciesgroupincreaseversioning strategydependenciesandskip-pr-description-validationlabelsReview Checklist
Important: Please verify the following:
/packagesdirectory path is correct for Dependabot. Dependabot typically scans directories containingpackage.jsonfiles. Since/packagesis a parent directory with multiple subdirectories, this configuration may need adjustment to work as intended.*will correctly group all package dependencies into a single PR as requested.Link to Devin run: https://app.devin.ai/sessions/9af3cd534c0940efbdbd7a6f160d8a23