Skip to content

Remove Dependabot configuration#23037

Merged
chouetz merged 1 commit intomasterfrom
nschweitzer/disable-dependabot
Mar 25, 2026
Merged

Remove Dependabot configuration#23037
chouetz merged 1 commit intomasterfrom
nschweitzer/disable-dependabot

Conversation

@chouetz
Copy link
Copy Markdown
Member

@chouetz chouetz commented Mar 24, 2026

As part of #incident-51602-public, we are temporarily disabling all automated dependency updaters to reduce exposure to potential zero-day vulnerabilities in recent releases.

This PR removes the Dependabot/Renovate configuration from this repository until further notice.

⚠️ Do not merge if your repository is managed by ADMS.

Please refer to #incident-51602-public for updates and to confirm when it is safe to re-enable.

@chouetz chouetz requested a review from a team as a code owner March 24, 2026 17:48
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 24, 2026

⚠️ Recommendation: Add qa/skip-qa label

This PR does not modify any files shipped with the agent.

To help streamline the release process, please consider adding the qa/skip-qa label if these changes do not require QA testing.

@chouetz chouetz added the qa/skip-qa Automatically skip this PR for the next QA label Mar 25, 2026
@chouetz chouetz added this pull request to the merge queue Mar 25, 2026
Merged via the queue into master with commit 414c03b Mar 25, 2026
48 of 52 checks passed
@chouetz chouetz deleted the nschweitzer/disable-dependabot branch March 25, 2026 09:00
aldrickdev pushed a commit that referenced this pull request Mar 25, 2026
@chouetz @aldrickdev
Remove Dependabot configuration (incident-51602) (#23037)
3154eb9
chouetz added a commit that referenced this pull request Mar 28, 2026
@chouetz
Configure Renovate to match former Dependabot settings
2b3c53e 
Replicate the Dependabot configuration removed in #23037: weekly
GitHub Actions updates on Mondays, grouped into a single PR, with
7-day minimum release age and appropriate labels.
github-merge-queue bot pushed a commit that referenced this pull request Apr 7, 2026
@renovate @chouetz @AAraKKe
chore: Configure Renovate (#23061)
f50c475 
* Add renovate.json

* Configure Renovate to match former Dependabot settings

Replicate the Dependabot configuration removed in #23037: weekly
GitHub Actions updates on Mondays, grouped into a single PR, with
7-day minimum release age and appropriate labels.

* Use updated label

* Configure Renovate for dtolnay/rust-toolchain digest tracking

- Pin dtolnay/rust-toolchain to latest master SHA and track master branch
  so the commit is never garbage-collected
- Add dedicated package rule without minimumReleaseAge (digest updates lack
  releaseTimestamp so the gate is unreliable)

* Pass toolchain: stable input to dtolnay/rust-toolchain

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Nicolas Schweitzer <nicolas.schweitzer@datadoghq.com>
Co-authored-by: Juanpe Araque <juanpedro.araque@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iliakur iliakur iliakur approved these changes

Assignees

No one assigned

Labels

agent/approved ecosystems/review-requested product/review-requested qa/skip-qa Automatically skip this PR for the next QA team/agent-integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chouetz @iliakur