Skip to content

chore: add grouped Dependabot config#17

Merged
jwcesign merged 1 commit into
mainfrom
chore/add-dependabot-config
Jun 24, 2026
Merged

chore: add grouped Dependabot config#17
jwcesign merged 1 commit into
mainfrom
chore/add-dependabot-config

Conversation

@francis-jjk

Copy link
Copy Markdown
Contributor

What

Adds .github/dependabot.yml (the repo had none) enabling weekly version updates for:

  • Go modules (/)
  • GitHub Actions (workflow action versions)

Updates are grouped into a single PR per ecosystem.

Why

These keep dependencies fresh proactively, so newly published CVEs are less likely to land on a stale pinned version (which is what forces reactive one-off bump PRs like #16). Grouping keeps the PR count low.

Security updates are unaffected — they continue to arrive as individual, trackable PRs.

🤖 Generated with Claude Code

Adds .github/dependabot.yml enabling weekly version updates for Go modules
and GitHub Actions. Updates are grouped into a single PR per ecosystem to
keep dependencies fresh proactively (reducing the chance that newly
published CVEs land on stale versions) while minimizing PR noise.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Jingkang Jiang <jjk@cloudpilot.ai>
@gitautomator

gitautomator Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Thanks to your contribution, the maintainers will review it as soon as they can!

@gitautomator gitautomator Bot requested a review from jwcesign June 24, 2026 03:58
@gitautomator gitautomator Bot added the enhancement New feature or request label Jun 24, 2026
@jwcesign jwcesign merged commit 31e7c04 into main Jun 24, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants