Skip to content

chore(deps): add dependabot configuration for grouped updates#8

Merged
platinummonkey merged 1 commit into
mainfrom
dependabot-upgrades
Feb 10, 2026
Merged

chore(deps): add dependabot configuration for grouped updates#8
platinummonkey merged 1 commit into
mainfrom
dependabot-upgrades

Conversation

@platinummonkey
Copy link
Copy Markdown
Collaborator

@platinummonkey platinummonkey commented Feb 10, 2026
edited
Loading

Summary

Adds Dependabot configuration to automate dependency updates with grouped PRs for both GitHub Actions and Go modules.

Changes

  • Add .github/dependabot.yml with weekly update schedules
  • Configure grouped updates for GitHub Actions dependencies
  • Configure grouped updates for Go module dependencies

Benefits

  • Automated security and feature updates
  • Reduced PR noise with grouped updates
  • Weekly schedule balances freshness with review burden

Testing

  • Configuration validated against Dependabot schema
  • Will be verified by Dependabot service once merged

🤖 Generated with Claude Code

@platinummonkey platinummonkey requested a review from a team as a code owner February 10, 2026 02:55
@platinummonkey platinummonkey changed the title add dependabot grouped updates chore(deps): add dependabot configuration for grouped updates Feb 10, 2026
@platinummonkey platinummonkey merged commit 13f2599 into main Feb 10, 2026
4 checks passed
@platinummonkey platinummonkey deleted the dependabot-upgrades branch February 10, 2026 02:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Feb 10, 2026

📊 Test Coverage Report

Overall Coverage: 75.1% Coverage

Threshold: 80% ❌

Coverage by Package 
## Coverage by Package

- github.com/DataDog/pup/pkg/auth/callback/server.go:40: 81.2%
- github.com/DataDog/pup/pkg/auth/dcr/client.go:28: 100.0%
- github.com/DataDog/pup/pkg/auth/dcr/types.go:24: 100.0%
- github.com/DataDog/pup/pkg/auth/oauth/client.go:22: 100.0%
- github.com/DataDog/pup/pkg/auth/oauth/pkce.go:24: 85.7%
- github.com/DataDog/pup/pkg/auth/storage/factory.go:53: 94.7%
- github.com/DataDog/pup/pkg/auth/storage/keychain.go:44: 42.9%
- github.com/DataDog/pup/pkg/auth/storage/storage.go:58: 71.4%
- github.com/DataDog/pup/pkg/auth/types/types.go:23: 100.0%
- github.com/DataDog/pup/pkg/client/client.go:28: 94.1%
- github.com/DataDog/pup/pkg/config/config.go:22: 100.0%
- github.com/DataDog/pup/pkg/formatter/formatter.go:31: 100.0%
- github.com/DataDog/pup/pkg/util/time.go:20: 95.8%

## Summary

total:								(statements)		75.1%

📈 Coverage Status: ❌ FAILED - Coverage below minimum threshold

Updated for commit 5a16669

platinummonkey added a commit that referenced this pull request Mar 26, 2026
@platinummonkey @claude
fix(security): replace serde_yml with serde_norway (GHSA-gfxp-f68g-8x78
9365c85 
…, GHSA-hhw4-xg65-fp2x)

serde_yml (<=0.0.12) and its dependency libyml (>=0.0.4) are unsound
and unmaintained — their GitHub projects have been archived. Replace
with serde_norway 0.9.42, a maintained fork of serde_yaml using
unsafe-libyaml-norway, which fixes both Dependabot alerts #8 and #9.

API is identical; only the crate name changes across formatter.rs,
config.rs, commands/alias.rs, and commands/idp.rs.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@platinummonkey