chore(renovate): separate patch and minor updates for other dependencies

[MaxLee-dev]

Summary

• Split "Other Dependencies" group into separate patch and minor update groups
• Patch updates are now configured for auto-merge to improve efficiency
• Minor updates remain manual review to maintain control over potentially breaking changes

Motivation

Previously, all other dependencies were grouped into a single PR, which increased complexity and reduced efficiency when reviewing updates. By separating patch and minor updates:

• Patch updates (typically safe, backward-compatible bug fixes) can be auto-merged, reducing manual review overhead
• Minor updates (which may include new features) are still reviewed manually to ensure compatibility

Changes

• Added "Other Dependencies (patch)" group with automerge: true
• Added "Other Dependencies (minor)" group with automerge: false
• Both groups exclude React, Vanilla Extract, and Base UI packages (which have their own dedicated groups)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8886564

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
vapor-ui	Ready	Preview, Comment	Feb 3, 2026 1:17am

[gemini-code-assist]

Summary of Changes

Hello @MaxLee-dev, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request streamlines dependency management by reconfiguring Renovate to differentiate between patch and minor updates for general dependencies. This change allows for automatic merging of low-risk patch updates, significantly reducing manual overhead, while ensuring that potentially impactful minor updates still undergo a manual review process to maintain system stability.

Highlights

• Dependency Grouping Refinement: The 'Other Dependencies' group has been split into two distinct groups: 'Other Dependencies (patch)' and 'Other Dependencies (minor)'.
• Automated Patch Updates: Patch updates for other dependencies are now configured for automatic merging, enhancing efficiency.
• Manual Minor Updates: Minor updates for other dependencies will continue to require manual review to ensure stability and control.
• Consistent Exclusions: Existing exclusions for React, Vanilla Extract, and Base UI packages are preserved in both new dependency groups.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

renovate.json 설정을 수정하여 기타 의존성을 patch와 minor 업데이트로 분리한 좋은 변경입니다. 이를 통해 patch 업데이트는 자동 병합되도록 하여 개발 효율성을 높이고, minor 업데이트는 수동 검토를 유지하여 안정성을 확보할 수 있습니다. 한 가지 유지보수 관점의 의견을 리뷰 댓글로 남겼습니다. 전반적으로 훌륭한 개선입니다.

[gemini-code-assist]

excludePackageNames 목록이 "Other Dependencies (patch)"와 "Other Dependencies (minor)" 두 그룹에 동일하게 중복되어 있습니다.

이는 향후 유지보수 시 잠재적인 오류를 유발할 수 있습니다. 예를 들어, 새로운 패키지 그룹(예: lodash)을 추가하고 제외 목록을 갱신할 때, 두 곳 모두를 수정해야 합니다. 만약 한 곳이라도 누락되면 해당 패키지 업데이트가 의도치 않게 "Other Dependencies" 그룹에 포함될 수 있습니다.

Renovate의 JSON 설정 방식상 이 중복을 간단히 제거하기는 어렵지만, 이 구조를 인지하고 향후 제외 목록 변경 시 두 그룹을 항상 함께 수정하도록 주의가 필요합니다.

References

1. 코드 리뷰 답변은 한국어로 제공해야 합니다. ^(link)

[ZeroChoi2781]

The current approach requires manually updating the exclusion list (excludePackageNames) every time a new group is added.

Instead of adding defensive code as we do now, why not leverage Renovate's packageRules feature where later rules override earlier ones?

"packageRules": [
    // 1. Overall Policy (Most Basic)
    {
        "description": "patch make auto PR, auto merge",
        "matchUpdateTypes": ["patch"],
        "automerge": true,
        // ...
    },
    // ... (minor, major policy)

    // 2. [Changed Location] 'Other Groups' Definition
    // - Start with the most general ones
    // -  can completely remove the `excludePackageNames` attribute.
    {
        "description": "Group patch updates for other dependencies",
        "groupName": "Other Dependencies (patch)",
        "matchUpdateTypes": ["patch"],
        "matchPackageNames": ["*"]
        // delete `excludePackageNames`
    },
    {
        "description": "Group minor updates for other dependencies",
        "groupName": "Other Dependencies (minor)",
        "matchUpdateTypes": ["minor"],
        "matchPackageNames": ["*"]
        // delete `excludePackageNames`
    },

    // 3. Specific group definition (special cases later -> overwriting effect)
    {
        "description": "React and React DOM",
        "groupName": "React Core",
        "matchPackageNames": ["react", "react-dom", ...]
        // Here, the group is reassigned to React Core.
    },
    {
        "groupName": "Vanilla Extract",
        // ...
    },
    {
        "groupName": "Base UI",
        // ...
    }
]

[MaxLee-dev]

The current approach requires manually updating the exclusion list (excludePackageNames) every time a new group is added.

Thank you for the excellent suggestion. Upon reviewing it myself, I found that 'renovate' can override previously defined rules. I have now completed the modification as per your proposed method, reflecting this behaviour.