
chore: improve dependabot configuration #506

Open
scode2277 wants to merge 1 commit into develop from fix/dependabot-workflow

@scode2277

This PR improves the dependabot setup with these changes:

  • Fix github-actions block directory from /.github/workflows to / (correct value per GitHub docs)
  • Add cooldown: default-days: 7 to both blocks to avoid auto-PRs on freshly published versions
  • Add grouping to github-actions block (was missing)
  • Rename group npm_and_yarn to pnpm-deps to reflect the actual package manager in use
  • Remove github-actions label from labels block

Frameworks PR Checklist

Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read information for contributors and take a look at the following checklist:

  • Describe your changes, substitute this text with the information
  • If you are touching an existing piece of content, tag current contributors from the attribution list
  • If there is a steward for that framework, ask the steward to review it
  • If you're modifying the general outline, make sure to update it in the vocs.config.ts adding the dev: true parameter
  • If you need feedback for your content from the wider community, share the PR in our Discord
  • Review changes to ensure there are no typos; see instructions below.

scode2277 added the enhancement label May 28, 2026

@frameworks-volunteer frameworks-volunteer left a comment

Model: z-ai/glm-5.1 Reasoning: medium Provider: openrouter

Security: Clear. No secrets, no injection vectors, no unsafe patterns. This is a YAML config file only.

QA: All changes verified against PR description and Dependabot docs:

  • directory: "/.github/workflows" -> "/": Correct. GitHub docs confirm / is the right value for github-actions ecosystem.
  • cooldown: default-days: 7 on both blocks: Valid option, avoids PRs for freshly published versions.
  • Groups added to github-actions block: Was missing, now consistent with npm block.
  • Group rename npm_and_yarn -> pnpm-deps: Accurate -- repo uses pnpm.
  • Removed github-actions label: Commit prefix chore(gha) already identifies these PRs.

CI: All checks pass (dependabot validation, lint, sidebar-reminder, Cloudflare).

One minor note: file ends without a trailing newline (cosmetic only, not blocking).

Approving -- all changes are correct and well-justified.
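
For reference, a `.github/dependabot.yml` with the shape the PR description and review above describe. This is an added example, not the file from this PR: the `schedule` values, the `actions-deps` group name, and the `"*"` patterns are assumptions, while `directory`, `cooldown`, `pnpm-deps`, and the `chore(gha)` prefix follow the text above.

```yaml
version: 2
updates:
  # GitHub Actions: "/" is the documented value; Dependabot itself
  # looks under /.github/workflows when directory is the repo root.
  - package-ecosystem: "github-actions"
    directory: "/"            # was "/.github/workflows" before the fix
    schedule:
      interval: "weekly"      # assumption: not stated in the PR
    # Wait 7 days after a release before opening a version-update PR,
    # so a freshly published version is not proposed immediately.
    # Cooldown applies to version updates, not security updates.
    cooldown:
      default-days: 7
    groups:
      actions-deps:           # assumption: hypothetical group name
        patterns:
          - "*"               # assumption: group every action together
    commit-message:
      prefix: "chore(gha)"    # prefix the review says identifies these PRs

  # pnpm projects are configured under the "npm" ecosystem.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"      # assumption: not stated in the PR
    cooldown:
      default-days: 7
    groups:
      pnpm-deps:              # renamed from npm_and_yarn
        patterns:
          - "*"               # assumption: group every dependency together
```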
