Skip to content

Enable Dependabot for npm + cargo + pip with grouped weekly PRs #302

Description

@kilodesodiq-arch

Problem Statement. .github/dependabot.yml is intentionally disabled (configured
with open-pull-requests-limit: 0). Many library upgrades are deferred.

Technical Context.
.github/dependabot.yml.

Expected Outcome. A new .github/dependabot.yml enables npm, cargo, pip, github-actions
ecosystems. Grouped weekly PRs (@dependabot squash).

Acceptance Criteria.

  • PRs are auto-titled per ecosystem.
  • A renovate.json mirror exists for those who prefer Renovate.

Files or modules likely to be affected.
.github/dependabot.yml,
new .github/renovate.json (alternative).

Difficulty. Easy
Estimated effort. S



Backlog item #94 from `docs/maintainer-issue-backlog.md.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions