sharpetronics/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2025-12-09 00:01:28 -05:00
Code Issues Projects Releases Wiki Activity

Group non-breaking dependabot PRs together to reduce review load (#18402)

Browse Source
This commit is contained in:
Andrew Morgan 2025-12-05 10:48:01 +00:00 committed by GitHub
parent e8710e7c5e
commit a096fba969
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
.github/dependabot.yml vendored
View File

@ -9,6 +9,22 @@ updates:
open-pull-requests-limit: 10 open-pull-requests-limit: 10
schedule: schedule:
interval: "weekly" interval: "weekly"
# Group patch updates to packages together into a single PR, as they rarely
# if ever contain breaking changes that need to be reviewed separately.
#
# Less PRs means a streamlined review process.
#
# Python packages follow semantic versioning, and tend to only introduce
# breaking changes in major version bumps. Thus, we'll group minor and patch
# versions together.
groups:
minor-and-patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "minor"
- "patch"
# Prevent pulling packages that were recently updated to help mitigate # Prevent pulling packages that were recently updated to help mitigate
# supply chain attacks. 14 days was taken from the recommendation at # supply chain attacks. 14 days was taken from the recommendation at
# https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns # https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
@ -25,6 +41,16 @@ updates:
open-pull-requests-limit: 10 open-pull-requests-limit: 10
schedule: schedule:
interval: "weekly" interval: "weekly"
# For container versions, breaking changes are also typically only introduced in major
# package bumps.
groups:
minor-and-patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "minor"
- "patch"
cooldown: cooldown:
default-days: 14 default-days: 14
@ -33,6 +59,16 @@ updates:
open-pull-requests-limit: 10 open-pull-requests-limit: 10
schedule: schedule:
interval: "weekly" interval: "weekly"
# Similarly for GitHub Actions, breaking changes are typically only introduced in major
# package bumps.
groups:
minor-and-patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "minor"
- "patch"
cooldown: cooldown:
default-days: 14 default-days: 14
@ -42,5 +78,15 @@ updates:
versioning-strategy: "lockfile-only" versioning-strategy: "lockfile-only"
schedule: schedule:
interval: "weekly" interval: "weekly"
# The Rust ecosystem is special in that breaking changes are often introduced
# in minor version bumps, as packages typically stay pre-1.0 for a long time.
# Thus we specifically keep minor version bumps separate in their own PRs.
groups:
patches:
applies-to: version-updates
patterns:
- "*"
update-types:
- "patch"
cooldown: cooldown:
default-days: 14 default-days: 14

1
changelog.d/18402.misc Normal file
View File

@ -0,0 +1 @@
Group together dependabot update PRs to reduce the review load.