fix: add biome pre-commit hook and standardize dependabot yaml#235
fix: add biome pre-commit hook and standardize dependabot yaml#235santoslgl01-web wants to merge 1 commit into
Conversation
 |
|
Overall Grade |
Security Reliability Complexity Hygiene |
Code Review Summary
| Analyzer | Status | Updated (UTC) | Details |
|---|---|---|---|
| Secrets |  |
Apr 28, 2026 8:25a.m. | Review ↗ |
| Python | |
Apr 28, 2026 8:25a.m. | Review ↗ |
| JavaScript | |
Apr 28, 2026 8:25a.m. | Review ↗ |
Important
AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request standardizes Dependabot configurations and replaces Prettier with Biome for pre-commit hooks. Feedback suggests restoring the removed commit scope and cooldown settings in Dependabot, excluding YAML files from Biome as it lacks support for them, and removing the --unsafe flag to prevent unintended logic changes.
| prefix: "ci" | ||
| groups: | ||
| github-actions: | ||
| patterns: | ||
| - '*' | ||
| cooldown: | ||
| default-days: 7 | ||
| - package-ecosystem: 'pip' | ||
| directory: '/' | ||
| - "*" |
There was a problem hiding this comment.
The include: "scope" and cooldown configurations were removed from the github-actions update block. These settings are functional configurations that control commit message formatting and pull request frequency. If the intent was only to standardize quoting and indentation, these should be restored.
prefix: "ci"
include: "scope"
groups:
github-actions:
patterns:
- "*"
cooldown:
default-days: 7| prefix: "deps" | ||
| groups: | ||
| python-dependencies: | ||
| patterns: | ||
| - '*' | ||
| cooldown: | ||
| default-days: 7 | ||
| - "*" |
There was a problem hiding this comment.
The include: "scope" and cooldown configurations were also removed from the pip update block. These should be restored to maintain consistent behavior for Python dependency updates.
prefix: "deps"
include: "scope"
groups:
python-dependencies:
patterns:
- "*"
cooldown:
default-days: 7| - id: biome-check | ||
| name: run biome formatter/checker | ||
| args: [--write, --unsafe] | ||
| files: ^(.*\.(json|jsonc|js|jsx|ts|tsx|css)|\.github/.*\.ya?ml)$ |
There was a problem hiding this comment.
Biome does not currently support YAML formatting. The previous prettier hook was specifically configured to format .yaml and .yml files. By replacing it with Biome and including YAML files in the files filter, you are effectively disabling automated formatting for these files. It is recommended to exclude YAML from the Biome hook and restore a YAML-capable formatter.
files: ^(.*\.(json|jsonc|js|jsx|ts|tsx|css))$| additional_dependencies: ['prettier@3.8.3'] | ||
| - id: biome-check | ||
| name: run biome formatter/checker | ||
| args: [--write, --unsafe] |
There was a problem hiding this comment.
The --unsafe flag allows Biome to perform transformations that can alter code logic (such as removing unused imports or variables). In a pre-commit hook, it is generally safer to avoid automated logic changes to prevent unintended side effects in the codebase. Consider removing this flag.
args: [--write]
|
You need to run the same version of Python that our project uses. You can install a new version of Python since 3.9 is EOL |
|
Thanks for the review. I’m updating this from a newer Python environment so I can rerun the project’s expected tooling cleanly and restore the removed configuration rather than dropping it. I’ll push a follow-up once the requested changes are addressed. |
|
We had a git blocker that I fixed. Was running on everyones forks and messing up their branches https://github.com/john-bampton/john-bampton.github.io/pull/236/changes @santoslgl01-web sorry about that mate. |
2 participants
Summary
.github/dependabot.ymlquoting/indentation to valid consistent YAMLTesting
.pre-commit-config.yamland.github/dependabot.ymlwithyaml.safe_loadgit diff --checkpre-commit run --files .pre-commit-config.yaml .github/dependabot.yml(blocked by existing repo-level Python version constraint:isorthook requires Python >=3.10 while local environment is Python 3.9)Fixes #120