chore(deps): add Renovate for pixi.toml and pip-audit CVE scanning #297

Merged: mvillmow merged 1 commit into main from 119-auto-impl on May 10, 2026

@mvillmow (Contributor) commented May 4, 2026

Summary

  • Adds renovate.json at the repo root enabling Renovate's native pixi manager, grouped into a single monthly PR, targeting main, with the dependencies label and chore(deps): commit prefix
  • Adds a [feature.lint] block in pixi.toml with pip-audit>=2.7 as a dependency and a pip-audit --min-severity high task for proactive CVE scanning
  • No changes to .github/dependabot.yml — Docker/exporter coverage remains separate and correct

Test plan

  • renovate.json is valid JSON (verified with python3 -c "import json; json.load(...)")
  • pixi install succeeds for both default and lint environments
  • pixi run --environment lint pip-audit invokes the task correctly
  • After installing the Renovate GitHub App (github.com/apps/renovate), run renovate --dry-run=lookup HomericIntelligence/ProjectArgus to confirm pixi deps are discovered

Note: The Renovate GitHub App must be installed at the org/repo level for automated PRs to be opened automatically.

Closes #119

🤖 Generated with Claude Code

@mvillmow enabled auto-merge (squash) May 5, 2026 00:53
@mvillmow force-pushed the 119-auto-impl branch 6 times, most recently from 86a6d5e to aa4fe83, May 10, 2026 03:53
- Add renovate.json enabling the Renovate pixi manager with monthly
  schedule and grouping all pixi build-tool deps into one PR
- Add [feature.lint] to pixi.toml with pip-audit>=2.7 dependency and
  a pip-audit --min-severity high task for proactive CVE scanning
- No changes to .github/dependabot.yml; Docker/exporter coverage
  remains separate and correct

Note: the Renovate GitHub App must be installed at the org/repo level
(github.com/apps/renovate) for automated PRs to be opened.

Closes #119
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mvillmow merged commit 17a98b8 into main May 10, 2026
15 of 20 checks passed
@mvillmow deleted the 119-auto-impl branch May 10, 2026 03:58

Development

Successfully merging this pull request may close these issues.

[MINOR] §6: Dependabot does not cover pixi.toml Python toolchain
