From 6400516c894edf5851257097717530eb80d635ae Mon Sep 17 00:00:00 2001
From: KingPin <{ID}+{username}@users.noreply.github.com>
Date: Sat, 11 Apr 2026 16:23:18 -0400
Subject: [PATCH 1/2] chore(deps): improve dependabot config with grouping and schedule
- Switch from daily to weekly (Monday 04:00 UTC) to reduce noise
- Add open-pull-requests-limit of 10 to handle 10+ tracked actions
- Add conventional commit prefix chore(deps)
- Group actions into docker-actions, security-actions, and github-actions to produce batched PRs instead of one per action
---
 .github/dependabot.yml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2c7d170..b372a38 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,4 +4,24 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: "daily"
+ interval: "weekly"
+ day: "monday"
+ time: "04:00"
+ timezone: "UTC"
+ open-pull-requests-limit: 10
+ commit-message:
+ prefix: "chore(deps)"
+ groups:
+ docker-actions:
+ patterns:
+ - "docker/*"
+ security-actions:
+ patterns:
+ - "aquasecurity/*"
+ - "github/codeql-action*"
+ github-actions:
+ patterns:
+ - "actions/*"
+ - "gautamkrishnar/*"
+ - "gaurav-nelson/*"
+ - "DavidAnson/*"
From df3c6583793b5c3e8c8d804759be708873ed684b Mon Sep 17 00:00:00 2001
From: KingPin <{ID}+{username}@users.noreply.github.com>
Date: Wed, 29 Apr 2026 12:09:45 -0400
Subject: [PATCH 2/2] fix: narrow aquasecurity pattern to trivy-action only
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b372a38..eb515fc 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -17,7 +17,7 @@ updates:
 - "docker/*"
 security-actions:
 patterns:
- - "aquasecurity/*"
+ - "aquasecurity/trivy-action"
 - "github/codeql-action*"
 github-actions:
 patterns:
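Review bot: The `github-actions` group added in the [PATCH 1/2] hunk batches first-party `actions/*` together with owner-wide wildcards for three individually maintained third-party namespaces (`gautamkrishnar/*`, `gaurav-nelson/*`, `DavidAnson/*`), so a bump to a less-scrutinised action lands in the same PR as routine first-party bumps and is easy to approve without reading its upstream diff. [PATCH 2/2] narrows `aquasecurity/*` to an exact name but leaves these wildcards in place; listing the exact action names the workflows use, in a separate group such as `third-party-actions`, would keep that review boundary. None of the groups sets `update-types`, so major-version bumps are batched with minor and patch ones; adding `update-types: ["minor", "patch"]` to each group would leave majors as individual PRs. Whether the workflows pin actions by commit SHA is not visible from this patch, so how much an unreviewed bump can change at run time should be confirmed against the workflow files.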