Skip to content

Add Dependabot (cooldown + grouped) with patch/minor auto-merge#217

Open
yurynix wants to merge 1 commit into
mainfrom
chore/dependabot-setup
Open

Add Dependabot (cooldown + grouped) with patch/minor auto-merge#217
yurynix wants to merge 1 commit into
mainfrom
chore/dependabot-setup

Conversation

@yurynix

@yurynix yurynix commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

What

Sets up Dependabot for this repo as part of the dependency-security hybrid: Dependabot handles the mechanical patch/minor security + version updates (with a cooldown, grouped, auto-merged when safe); the separate holistic bot handles majors / no-fix advisories with remediation guidance.

  • .github/dependabot.ymlnpm + github-actions, daily, 7-day cooldown, grouped minor/patch, dependencies label. Security updates (advisory-driven) honor the same cooldown/groups.
  • .github/workflows/dependabot-auto-merge.yml — patch/minor → gh pr merge --auto --squash (merges once this repo's CI passes); major → comment, left for a human.

⚠️ Repo settings needed (admin) — not doable via this PR

Please enable on the repo:

  • Dependabot alerts + Dependabot security updates (Settings → Code security)
  • Allow auto-merge (Settings → General → Pull Requests)

Without "Allow auto-merge", the auto-merge step will no-op/fail; without alerts+security-updates you won't get advisory-driven PRs.

Notes

  • This repo has CI, so auto-merge waits for green checks.
  • Majors aren't auto-merged by design — they're the holistic bot's / a human's job.

🤖 Generated with Claude Code

@claude

claude Bot commented Jul 2, 2026

Copy link
Copy Markdown

Claude encountered an error —— View job


I'll analyze this and get back to you.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

🚀 Package Preview Available!


Install this PR's preview build with npm:

npm i @base44-preview/sdk@0.8.35-pr.217.90d697b

Prefer not to change any import paths? Install using npm alias so your code still imports @base44/sdk:

npm i "@base44/sdk@npm:@base44-preview/sdk@0.8.35-pr.217.90d697b"

Or add it to your package.json dependencies:

{
  "dependencies": {
    "@base44/sdk": "npm:@base44-preview/sdk@0.8.35-pr.217.90d697b"
  }
}

Preview published to npm registry — try new features instantly!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant