chore: update dependabot setting #6715

climba03003 merged 2 commits into main from update-dependabot on May 20, 2026

@climba03003

Member

Proposed to update the dependabot configuration as follows.

  • Only allow major updates
  • Use versioning-strategy: "increase-if-necessary"
  • Add a cooldown of 7 days
  • Reduce the cycle to "weekly"

The proposed change should address the issues.

  • Reduce rubbish PRs, for example updating ^1.0.0 to ^1.0.1.
  • Prevent updates to newly published packages.
  • More frequent checks for new major version updates.

There is no point in restricting to a monthly check since we allow only major.
At most it delays the landing by about 14 days.
I assume it can reduce the number of PRs to around "2-3 (each repository) a year" and most of them would be GitHub Actions updates.

@metcoder95 metcoder95 requested a review from a team May 7, 2026 08:47
@metcoder95 metcoder95 requested a review from Fdawgs May 7, 2026 08:47
Fdawgs previously requested changes May 7, 2026
Comment thread .github/dependabot.yml

@jsumners jsumners left a comment

Member

I am glad to see that I will still get @fastify/leads notifications.

I will not block this, but I am completely opposed to Dependabot full stop. I think this is a better configuration, but I am confident it will cause problems outside of the noise no one is paying attention to. Namely, modules ship new majors to go ESM only, and that is incompatible with the framework. Again, bumping the major of a "production" dependency is itself a major version action.

@climba03003

climba03003 commented May 7, 2026

Member Author

> Namely, modules ship new majors to go ESM only, and that is incompatible with the framework.

ESM-only is never an issue now, since require(ESM) is supported on all LTS versions.
If there is an issue, the CI should be red and will not merge that PR.
It should be something that we should take care of.

> Again, bumping the major of a "production" dependency is itself a major version action.

I still prefer it as a notification for us to keep the dependencies up-to-date.
If we prefer not to merge the major bump automatically, just remove the auto merge GitHub Actions.

@Fdawgs

Fdawgs commented May 7, 2026

Member

> I still prefer it as a notification for us to keep the dependencies up-to-date. If we prefer not to merge the major bump automatically, just remove the auto merge GitHub Actions.

Same, I like the notifications, saves us having to go and manually find any dependency with a major update.

In regards to the automerge action, we need to change these https://github.com/search?q=org%3Afastify+%22target%3A+major%22&type=code to target: minor so it stops automerging major updates. However, unit tests should catch any breaking changes...?

@Fdawgs Fdawgs dismissed their stale review May 7, 2026 13:04

No impact

@jsumners

jsumners commented May 7, 2026

Member

The last thing I will add is the link I included in the issue I opened and closed on this topic: https://github.com/search?q=org%3Afastify+dependabot+state%3Aopen&type=pullrequests

That should have zero items if this tool were providing value.

@climba03003 climba03003 force-pushed the update-dependabot branch from 89ec338 to f8d1b50 May 8, 2026 14:49
@climba03003

Member Author

> The last thing I will add is the link I included in the issue I opened and closed on this topic: https://github.com/search?q=org%3Afastify+dependabot+state%3Aopen&type=pullrequests

Most of the PR spam is about neostandard and ESLint.
I am going to ignore the updates from both related packages.
Each time ESLint does a major bump, it requires a year or even more to get all the plugins supported.
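
A `.github/dependabot.yml` sketch of the settings listed in the pull request description, together with the neostandard/ESLint ignore mentioned in the comment above. This is an added example, not the file changed in this pull request; the `npm` ecosystem, the `/` directory and expressing "major only" through `ignore` update types are assumptions.

```yaml
# Illustrative .github/dependabot.yml (added example, not the project's file).
version: 2
updates:
  - package-ecosystem: "npm"        # assumption: the repository is an npm package
    directory: "/"                  # assumption: manifest at the repository root
    schedule:
      interval: "weekly"            # weekly check, as proposed
    # Leave a range such as ^1.0.0 untouched while it already accepts the new
    # release; rewrite it only when the new version falls outside the range.
    versioning-strategy: "increase-if-necessary"
    # Wait until a release has been published for 7 days before proposing it.
    # Cooldown applies to version updates only; security updates are not delayed.
    cooldown:
      default-days: 7
    ignore:
      # Assumed way to express "only major updates": skip minor and patch bumps.
      - dependency-name: "*"
        update-types:
          - "version-update:semver-minor"
          - "version-update:semver-patch"
      # Ignore every update for the two linting packages named in the thread.
      - dependency-name: "neostandard"
      - dependency-name: "eslint"
```

With a weekly check and a 7-day cooldown, a release published just after one check becomes eligible at the second check that follows, which is where the "about 14 days" upper bound in the description comes from.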

@mcollina mcollina left a comment

Member

lgtm

Tony133 pushed a commit to fastify/session that referenced this pull request Jun 15, 2026
Update dependabot setting to reduce unnecessary change and noise.
Ref fastify/fastify#6715

Signed-off-by: KaKa <[email protected]>

The commits below carry the same message unless shown otherwise:

  • Tony133 pushed a commit to fastify/fastify-websocket that referenced this pull request Jun 15, 2026
  • Tony133 pushed a commit to fastify/fastify-kafka that referenced this pull request Jun 15, 2026
  • Tony133 pushed a commit to fastify/fastify-swagger that referenced this pull request Jun 15, 2026
  • Tony133 pushed a commit to fastify/fastify-postgres that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/fastify-mysql that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/fastify-multipart that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/fastify-mongodb that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/fastify-type-provider-json-schema-to-ts that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/fastify-type-provider-zod that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/fastify-kafka that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/middie that referenced this pull request Jun 16, 2026
  • Tony133 pushed a commit to fastify/forwarded that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/fastify-url-data that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/one-line-logger that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/fastify-error that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/fast-json-stringify-compiler that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/light-my-request that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/json-schema-ref-resolver that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/process-warning that referenced this pull request Jun 17, 2026
  • Tony133 pushed a commit to fastify/merge-json-schemas that referenced this pull request Jun 18, 2026
  • Tony133 pushed a commit to fastify/proxy-addr that referenced this pull request Jun 18, 2026
  • Tony133 pushed a commit to fastify/restartable that referenced this pull request Jun 18, 2026
  • Tony133 pushed a commit to fastify/safe-regex2 that referenced this pull request Jun 18, 2026
  • Tony133 pushed a commit to fastify/deepmerge that referenced this pull request Jun 18, 2026
  • Tony133 pushed a commit to fastify/env-schema that referenced this pull request Jun 18, 2026

Tony133 pushed a commit to fastify/ajv-compiler that referenced this pull request Jun 16, 2026
Update dependabot setting to reduce necessary change and noise.
Ref fastify/fastify#6715

Signed-off-by: KaKa <[email protected]>

zekth pushed a commit to fastify/fast-uri that referenced this pull request Jun 18, 2026
Update dependabot setting to reduce unnecessary change and noise.
Ref fastify/fastify#6715

Signed-off-by: KaKa <[email protected]>
Co-authored-by: Antonio Tripodi <[email protected]>

Tony133 pushed a commit to fastify/avvio that referenced this pull request Jun 18, 2026
Update dependabot setting to reduce necessary change and noise.
Ref fastify/fastify#6715

Signed-off-by: KaKa <[email protected]>

Tony133 pushed a commit to fastify/accept-negotiator that referenced this pull request Jun 18, 2026
Update dependabot setting to reduce necessary change and noise.
Ref fastify/fastify#6715

Signed-off-by: KaKa <[email protected]>