fix(CI): rm dependencies.yml

[RobinTail]

Summary by CodeRabbit

• Chores
  • Removed automated workflow for monthly dependency upgrades.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f95f814c-c585-4c1d-b4e5-6823ef0c9d15

📥 Commits

Reviewing files that changed from the base of the PR and between c7d68d5 and 3c0a706.

📒 Files selected for processing (1)

• .github/workflows/dependencies.yml

💤 Files with no reviewable changes (1)

• .github/workflows/dependencies.yml

---

📝 Walkthrough

Walkthrough

The .github/workflows/dependencies.yml workflow file was completely removed, eliminating the automated monthly dependency upgrade process that previously executed pnpm workspace upgrades, created dated branches, and opened pull requests for dependency updates.

Changes

Cohort / File(s)	Summary
GitHub Workflows .github/workflows/dependencies.yml	Removed entire workflow definition that automated monthly dependency upgrades via pnpm with scheduled and manual dispatch triggers.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• RobinTail/express-zod-api#2786: Modified the same .github/workflows/dependencies.yml workflow to adjust the pnpm upgrade/install step, whereas this PR removes the workflow entirely.

Poem

🐰 The automated rabbit once hopped,
Updating deps on schedule, never stopped,
But now its burrow is swept clean and bare,
No more monthly upgrades floating in the air! 🌙

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(CI): rm dependencies.yml' directly and clearly describes the main change - removal of the dependencies.yml workflow file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch RobinTail-patch-3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coveralls-official]

coverage: 100.0%. remained the same — RobinTail-patch-3 into master

[pullfrog]

Note

Replacement coverage already in place via Renovate — no stale references found, safe to merge.

TL;DR — Removes the monthly Dependencies upgrade cron workflow now that Renovate handles the same scope (including pnpm catalogs and the compat-test exclusion).

Key changes

• Delete .github/workflows/dependencies.yml — drops the scheduled pnpm -F !compat-test up + auto-PR job; Renovate at /renovate.json covers the same surface continuously instead of monthly.

_{Summary ｜ 1 file ｜ 1 commit ｜ base: master ← RobinTail-patch-3}

Scope parity with Renovate

Before: monthly cron runs pnpm -F !compat-test up and opens one batched PR via peter-evans/create-pull-request@v8.
After: Renovate (config:recommended, ignorePaths: ["**/compat-test/**"], postUpdateOptions: ["pnpmDedupe"], minimumReleaseAge: "1 day") trickles smaller PRs continuously.

The built-in pnpm-catalog manager enabled by config:recommended parses the catalogs: blocks in pnpm-workspace.yaml, so the prod, peer.zod, and dev entries the cron used to bump are still covered. The ignorePaths glob mirrors the workflow's -F !compat-test filter, so behavior parity is preserved.

renovate.json · pnpm-workspace.yaml

No stale references in the rest of the tree

Before: Dependencies upgrade workflow referenced (or referenceable) from CI/docs.
After: clean removal — nothing else in the repo points at it.

No other workflow uses workflow_call, needs, or workflow_run against this one; the remaining peter-evans/create-pull-request@v8 use is the unrelated weekly headers.yml. README / CHANGELOG / AGENTS / CONTRIBUTING / issue templates / FUNDING make no mention of the monthly cadence, and the manual npm-publish.yml and bump.yml don't depend on it. No CHANGELOG entry needed per AGENTS.md (CI-only change, no public-API impact).

.github/workflows/headers.yml · .github/workflows/npm-publish.yml · AGENTS.md

Behavior shifts worth knowing (non-blocking)

Before: one batched monthly PR, auto-assigned to robintail.
After: continuous Renovate PRs with default (no) assignees.

The cadence change is generally desirable — smaller, easier-to-review PRs. If you want the same reviewer routing the cron had, adding "assignees": ["RobinTail"] and/or "reviewers": ["RobinTail"] to renovate.json is a one-line follow-up. Worth a quick visual check that recent Renovate PRs are healthy before merging, since this deletion removes the monthly safety net.

renovate.json

  ^{｜ View workflow run ｜ Using Claude Opus ｜ 𝕏}