Skip to content

chore: scope Dependabot to only packages we control#2892

Merged
Saadnajmi merged 2 commits intomicrosoft:mainfrom
Saadnajmi:chore/scope-dependabot-config
Apr 7, 2026
Merged

chore: scope Dependabot to only packages we control#2892
Saadnajmi merged 2 commits intomicrosoft:mainfrom
Saadnajmi:chore/scope-dependabot-config

Conversation

@Saadnajmi
Copy link
Copy Markdown
Collaborator

@Saadnajmi Saadnajmi commented Apr 7, 2026

Summary

  • Scoped Dependabot npm monitoring from the entire monorepo root (/) to only the package directories we control
  • Moved docusaurus monitoring to /docsite where the deps and lockfile actually live (previously pointed at / where there are zero @docusaurus entries in the root lockfile)
  • Forked @react-native/* packages are now excluded — their dependencies should stay in sync via upstream merges

Monitored directories:

  • /docsite
  • /packages/react-native (react-native-macos)
  • /packages/react-native-macos-init
  • /packages/nx-release-version (@react-native-macos/nx-release-version)
  • /packages/virtualized-lists (@react-native-macos/virtualized-lists)

Test plan

  • Verify Dependabot picks up the new config on the next scheduled run
  • Confirm no PRs are opened for forked @react-native/* package dependencies

🤖 Generated with Claude Code

@Saadnajmi @claude
chore: scope Dependabot to only packages we control
1003e68 
The previous config monitored all npm dependencies in the monorepo root,
which includes ~20 forked @react-native/* packages whose dependencies
should stay in sync via upstream merges — not Dependabot.

Now Dependabot only monitors:
- /docsite (own lockfile, docusaurus deps)
- /packages/react-native (react-native-macos)
- /packages/react-native-macos-init
- /packages/nx-release-version
- /packages/virtualized-lists

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Saadnajmi Saadnajmi requested a review from a team as a code owner April 7, 2026 17:35
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 7, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 7f9c4ff

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@Saadnajmi @claude
chore: group all Dependabot updates into single PRs
7f9c4ff 
Use wildcard group patterns so each ecosystem entry produces at most
one PR per week instead of one per dependency.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Saadnajmi Saadnajmi merged commit 3dc3479 into microsoft:main Apr 7, 2026
17 of 18 checks passed
@Saadnajmi Saadnajmi deleted the chore/scope-dependabot-config branch April 7, 2026 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vmoroz vmoroz vmoroz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Saadnajmi @vmoroz