
chore: update dependabot.yml to comply with posture checks #555

Open
John Kennedy (jkennedyvz) wants to merge 1 commit into main from chore/fix-dependabot-config

@jkennedyvz
Contributor

Summary

  • Add day: "monday" to github-actions schedule so updates land on a predictable day
  • Add grouped updates with major vs minor+patch split for github-actions to separate breaking changes from safe updates
  • Add missing uv entry for libs/community so Python dependencies are tracked weekly

Why

The previous config left Python dependencies (libs/community) entirely unwatched by Dependabot, and the github-actions entry lacked a schedule day and grouping — meaning updates would arrive on a random day, one PR per action.

Review notes

The groups split (major / minor+patch) is the main thing worth a close look — it controls how Dependabot batches PRs going forward.

⚠️ This PR was created with assistance from Claude Code (AI agent).

🤖 Generated with Claude Code

- Add day: "monday" to github-actions schedule
- Add grouped updates with major vs minor+patch split for github-actions
- Add uv entry for libs/community with same schedule and grouping

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot added the infra label Feb 24, 2026
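
A sketch of the configuration the summary above describes, added here as an illustration and not taken from the PR's diff. The `monday` day, the `uv` ecosystem and `libs/community` come from the description; the group names, the `/` directory and the weekly interval for github-actions are assumptions.

```yaml
# Illustrative .github/dependabot.yml (added example, not the PR's actual diff).
# Group names are hypothetical; the "/" directory and the weekly interval for
# github-actions are assumptions drawn from the PR description.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"            # updates land on a predictable day
    groups:
      # Major bumps get their own PR so breaking changes are reviewed alone.
      actions-major:
        patterns: ["*"]
        update-types: ["major"]
      # Minor and patch bumps are batched into a single lower-risk PR.
      actions-minor-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]

  # Python dependencies under libs/community, tracked with the same
  # schedule and grouping as the github-actions entry.
  - package-ecosystem: "uv"
    directory: "/libs/community"
    schedule:
      interval: "weekly"
      day: "monday"
    groups:
      python-major:
        patterns: ["*"]
        update-types: ["major"]
      python-minor-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]
```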