chore: add .github/dependabot.yml for automated dependency updates #130

Merged: minpeter merged 1 commit into main from chore/ultracode-add-dependabot on Jun 16, 2026

@minpeter (Owner) commented Jun 16, 2026

What changed

Added .github/dependabot.yml with two update configurations:

  • npm ecosystem targeting / — weekly schedule, capped at 5 open PRs
  • github-actions ecosystem targeting / — weekly schedule

Why

This is an active TypeScript monorepo published to npm with multiple packages and real CI pipelines, but had no Dependabot configuration. GitHub's own security scanner found 7 vulnerabilities on the default branch (3 high, 2 moderate, 2 low). Without Dependabot, security patches and version bumps require manual tracking. This config ensures they surface automatically as PRs.

Verification

Ran the verifyCmd from the scan plan:

cat /Users/minpeter/ultracode-scan/plugsuits/.github/dependabot.yml

File exists and contains valid structure (verified with Python string checks):

  • version: 2 present
  • package-ecosystem: "npm" with weekly interval and open-pull-requests-limit: 5
  • package-ecosystem: "github-actions" with weekly interval

This is an automated maintenance pass. No code changes, no lockfile churn — only a config file that enables automated PR creation for dependency updates.


Summary by cubic

Add .github/dependabot.yml to automate weekly dependency update PRs for npm and github-actions, limiting npm to 5 open PRs. This surfaces security patches and version bumps without manual tracking.

Written for commit 089a6e7. Summary will update on new commits.
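
A structural form of the check the Verification section describes, as an added example that is not part of the PR or the repository: it parses the YAML and compares each update entry with what the description promises, so a setting that sits under the wrong entry or inside a comment is reported. The file contents are a constructed sample, and check_dependabot and EXPECTED are hypothetical names.

```ruby
require "yaml"

# Constructed sample that matches the PR description; the merged file itself
# is not shown on the page.
SAMPLE = <<~YAML
  version: 2
  updates:
    - package-ecosystem: "npm"
      directory: "/"
      schedule:
        interval: "weekly"
      open-pull-requests-limit: 5
    - package-ecosystem: "github-actions"
      directory: "/"
      schedule:
        interval: "weekly"
YAML

# Settings the PR description promises, keyed by ecosystem (limit nil = not stated).
EXPECTED = {
  "npm" => { interval: "weekly", limit: 5 },
  "github-actions" => { interval: "weekly", limit: nil }
}.freeze

# check_dependabot is a hypothetical helper name. It returns a list of
# problems; an empty list means the parsed file matches EXPECTED.
def check_dependabot(text)
  doc = YAML.safe_load(text)
  return ["top level is not a mapping"] unless doc.is_a?(Hash)

  problems = []
  problems << "version must be 2" unless doc["version"] == 2
  updates = doc["updates"]
  return problems << "updates must be a list" unless updates.is_a?(Array)

  entries = updates.select { |u| u.is_a?(Hash) }
  EXPECTED.each do |eco, want|
    entry = entries.find { |u| u["package-ecosystem"] == eco && u["directory"] == "/" }
    next problems << "#{eco}: no entry for directory /" unless entry
    schedule = entry["schedule"]
    interval = schedule.is_a?(Hash) ? schedule["interval"] : nil
    problems << "#{eco}: interval is #{interval.inspect}" unless interval == want[:interval]
    limit = entry["open-pull-requests-limit"]
    problems << "#{eco}: limit is #{limit.inspect}" if want[:limit] && limit != want[:limit]
  end
  problems
rescue Psych::SyntaxError => e
  ["not valid YAML: #{e.message}"]
end
```

To run it against a checkout, pass the result of File.read(".github/dependabot.yml") to check_dependabot.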

Add Dependabot configuration covering npm (weekly, max 5 open PRs) and
github-actions (weekly) ecosystems so security patches and version bumps
are tracked automatically without manual effort.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@gemini-code-assist (Contributor)

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

coderabbitai Bot commented Jun 16, 2026

Important

Review skipped

Auto reviews are disabled on this repository. To trigger a review, include @crb review in the PR description. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 46b898d6-aeaf-4911-a52b-53992a9454ed

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@cubic-dev-ai cubic-dev-ai Bot left a comment

No issues found across 1 file

@minpeter minpeter merged commit c288d2c into main Jun 16, 2026
8 checks passed
@minpeter minpeter deleted the chore/ultracode-add-dependabot branch June 16, 2026 03:25