Skip to content

Re-enable Dependabot security updates, not version updates #304

Description

@kilodesodiq-arch

Problem Statement. The config disables Dependabot entirely, including the security
update stream. Even before version PRs come back, security PRs would be valuable.

Technical Context.
.github/dependabot.yml.

Expected Outcome. A second config revision that enables security-updates
without enabling version-updates. Done via Repo Settings + a config fragment.

Acceptance Criteria.

  • A security update lands within 24 h of a CVE being published.

Files or modules likely to be affected.
.github/dependabot.yml,
GH repo settings (documented in docs/security/dependabot.md).

Difficulty. Easy
Estimated effort. XS



Backlog item #96 from `docs/maintainer-issue-backlog.md.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions