starred/servers
1
0
Fork 0
mirror of https://github.com/modelcontextprotocol/servers.git synced 2026-04-17 21:54:05 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4ca2b2626ab1c153b0ca4dbf147d895f1629bbd4
servers/.github/dependabot.yml
Adam Jones 4ca2b2626a fix: add dependabot.yml to fix npm workspaces issues 
Adds dependabot configuration to address npm workspace lockfile issues
that caused PR #3021 to fail.

The root cause was Dependabot trying to update the same package (glob)
to different major versions across workspace directories, creating an
inconsistent package-lock.json that fails `npm ci`.

Key changes:
- Configure npm updates from root directory only (per issue #6346)
- Use versioning-strategy: increase for consistent lockfile updates
- Explicitly configure security update grouping via applies-to

See:
- https://github.com/dependabot/dependabot-core/issues/6346
- https://github.com/dependabot/dependabot-core/issues/7157
2025-11-26 12:45:43 +00:00

57 lines
1.6 KiB
YAML
Raw Blame History

version: 2
updates:
# npm workspaces monorepo - manage from root only
# See: https://github.com/dependabot/dependabot-core/issues/6346
# Dependabot has issues updating package-lock.json when configured
# for individual workspace directories. Using root directory ensures
# consistent lockfile updates across all workspaces.
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
# Use 'increase' strategy to ensure both package.json and package-lock.json
# are updated consistently
versioning-strategy: increase
groups:
# Group version updates (minor/patch only for safety)
npm-dependencies:
patterns:
- "*"
update-types:
- "minor"
- "patch"
# Explicitly configure security updates grouping
# This ensures security updates are handled from the root directory
# to avoid npm workspace hoisting issues when different workspaces
# need different major versions of the same package
npm-security:
applies-to: security-updates
patterns:
- "*"
# Python packages
- package-ecosystem: "pip"
directory: "/src/fetch"
schedule:
interval: "weekly"
- package-ecosystem: "pip"
directory: "/src/git"
schedule:
interval: "weekly"
- package-ecosystem: "pip"
directory: "/src/time"
schedule:
interval: "weekly"
# GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
groups:
github-actions:
patterns:
- "*"
Reference in New Issue View Git Blame Copy Permalink