resolve codeQL issue on dependabot config...

NiloCK · NiloCK · commit ee6375642ba0 · 2025-03-03T22:41:14.000-04:00
The error occurs because you have two update configurations targeting
the same package ecosystem (`npm`) and directory (`/`). GitHub doesn't
allow this direct overlap, even though your intent is to handle major
updates separately from minor/patch updates.

This new configuration:

1. Uses a single update configuration for all npm dependencies
2. Groups minor and patch updates together (with the specified
exclusions)
3. Doesn't group major updates (so they'll each get their own PR)
4. Limits the number of open PRs to 5
5. Applies the "dependencies" label to all dependency PRs
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,39 +5,26 @@
 
 version: 2
 updates:
-  # Configuration for minor and patch updates (grouped)
+  # Configuration for all updates
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
       interval: 'weekly'
-    # Only allow minor and patch updates
-    ignore:
-      - dependency-name: '*'
-        update-types: ['version-update:semver-major']
+    # Group minor and patch updates
     groups:
-      dependencies:
+      minor-patch-dependencies:
         patterns:
           - '*'
+        update-types:
+          - 'minor'
+          - 'patch'
         exclude-patterns:
           - '@types/*' # Exclude type definitions from grouping for better clarity
+    # Handle major updates separately (they won't be grouped)
+    # Limit the number of open PRs for major updates
+    open-pull-requests-limit: 5
     labels:
       - 'dependencies'
-      - 'minor-patch-update'
-
-  # Separate configuration for major version updates
-  - package-ecosystem: 'npm'
-    directory: '/'
-    schedule:
-      interval: 'monthly' # Check less frequently to avoid PR noise
-    # Only include major updates
-    ignore:
-      - dependency-name: '*'
-        update-types: ['version-update:semver-minor', 'version-update:semver-patch']
-    # Don't group major updates so they can be reviewed individually
-    open-pull-requests-limit: 5 # Limit the number of open PRs for major updates
-    labels:
-      - 'dependencies'
-      - 'major-update'
-      - 'breaking-change'
-    assignees:
-      - 'nilock'
+    commit-message:
+      prefix: 'deps'
+      include: 'scope'
