Add Dependabot configuration for automated dependency updates#730

Merged: rscohn2 merged 1 commit into uxlfoundation:develop from rscohn2:add-dependabot-config on May 29, 2026

rscohn2 (Member) commented May 27, 2026

Add Dependabot configuration for automated dependency updates

Summary

  • Adds .github/dependabot.yml to automate dependency updates
  • Configures weekly checks for Python dependencies (docs/requirements.txt)
  • Configures weekly checks for GitHub Actions across all workflows
  • Dependabot will maintain SHA pinning format for GitHub Actions
  • Replaces the default Dependabot, which was updating requirements.doc but was not updating GitHub Actions, e.g. Update GitHub Actions to latest versions in documentation workflow #729

Benefits

  • Automated PRs for security patches and bug fixes
  • Continues current SHA pinning best practice for Actions
  • Reduces manual maintenance burden
  • Ensures dependencies stay current

🤖 Generated with Claude Code

Configures Dependabot to monitor and update:
- Python dependencies in docs/requirements.txt (weekly)
- GitHub Actions across all workflows (weekly)

This ensures dependencies stay up-to-date with security patches
and bug fixes through automated pull requests.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

vmalia (Contributor) commented May 27, 2026

@rscohn2 We already get automated updates from dependabot as seen in the recent PRs like #720 #721 #724 and #725. Can you please share the motivation for this PR and how it will affect the existing mechanism?

rscohn2 (Member, Author) commented May 27, 2026

Can you please share the motivation for this PR and how it will affect the existing mechanism?

I updated the description to answer your question:
Replaces the default Dependabot, which was updating requirements.doc but was not updating GitHub Actions, e.g. #729

You need a dependabot.yml to handle github actions, and if you have a yml file, you have to declare everything, including the requirements.txt, which was being done by default before.

rscohn2 merged commit d8dca6e into uxlfoundation:develop on May 29, 2026
11 of 15 checks passed
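
A `.github/dependabot.yml` of the shape this thread describes, given here as an added example and not the file merged in this PR. The `/docs` directory is inferred from the `docs/requirements.txt` path named in the description. Everything else is standard Dependabot version 2 syntax.

```yaml
# Added example: illustrates the configuration described in the PR,
# not the project's actual dependabot.yml.
version: 2
updates:
  # Python dependencies. Once a dependabot.yml exists, this entry has to be
  # declared explicitly, as the thread notes. The directory is an assumption
  # based on docs/requirements.txt.
  - package-ecosystem: "pip"
    directory: "/docs"
    schedule:
      interval: "weekly"

  # GitHub Actions. With directory "/", Dependabot scans the workflow files
  # under .github/workflows. Where a workflow pins an action to a commit SHA,
  # the update PR replaces that SHA with the new release's SHA, so the
  # pinning format is kept.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```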