chore(dependabot): remove invalid ecosystems and tune schedules

[bhaskar2006-hub]

Proposed change

Fixed an issue in the port_scan module where invalid input caused the program to crash.
Added proper input validation and error handling.

Fixes #123 (if linked to issue)

Type of change

• New core framework functionality
• Bugfix (non-breaking change which fixes an issue)
• Code refactoring without any functionality changes
• New or existing module/payload change
• Documentation/localization improvement
• Test coverage improvement
• Dependency upgrade
• Other improvement (best practice, cleanup, optimization, etc)

Checklist

• I've followed the contributing guidelines
• I've run make pre-commit, it didn't generate any changes
• I've run make test, all tests passed locally

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Revised automated dependency management configuration to run weekly checks on Mondays at 06:00 UTC (previously daily) across multiple package ecosystems.
  • Implemented a limit on concurrent dependency update pull requests to improve project management workflow efficiency.

Walkthrough

The Dependabot configuration was updated to standardize dependency check schedules to weekly intervals on Mondays at 06:00 UTC. Ecosystem entries were reorganized, including converting a mix entry to docker, adding a new pip configuration for the docs directory, and removing the gitsubmodule entry.

Changes

Cohort / File(s)	Summary
Dependabot Configuration .github/dependabot.yml	Normalized schedules from daily to weekly with consistent timing (Monday 06:00 UTC). Reorganized package manifests: added new pip entry at /docs, converted mix entry to docker, removed gitsubmodule entry, and applied open-pull-requests-limit: 5 uniformly.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 4

❌ Failed checks (4 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title describes Dependabot schedule updates and ecosystem removals, but the PR description claims the changes fix input validation in the port_scan module.	The title and description describe completely different changes. Clarify whether this PR modifies Dependabot configuration or fixes the port_scan module, and ensure the title matches the actual changes.
Description check	⚠️ Warning	The description discusses fixing a port_scan module input validation bug, but the PR actually modifies Dependabot configuration files, making the description completely off-topic.	Update the description to accurately reflect the Dependabot configuration changes: schedule updates from daily to weekly, addition of open-pull-requests-limit, directory reorganization, and ecosystem changes.
Linked Issues check	⚠️ Warning	Issue #123 requests Codacy code quality improvements, but the PR modifies Dependabot configuration rather than addressing code quality issues detected by Codacy.	Either modify the PR to address the Codacy-reported code quality issues in the port_scan module, or update the linked issue if this PR is not intended to resolve issue #123.
Out of Scope Changes check	⚠️ Warning	The PR modifies Dependabot configuration, which is unrelated to the stated objective of fixing code quality issues in the port_scan module per issue #123.	Ensure changes align with the linked issue #123 objectives or update the PR objectives to clarify that Dependabot configuration is the intended scope.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR updates the repository’s Dependabot configuration to remove unused update ecosystems and to reduce update noise by moving schedules from daily to weekly.

Changes:

• Change Dependabot update schedules from daily to weekly (Monday 06:00 UTC) and cap open PRs to 5.
• Add a separate pip update entry for the /docs directory.
• Remove update entries for ecosystems that don’t apply to this repo (e.g., mix, gitsubmodule).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The PR description talks about fixing input validation in a port_scan module and references issue #123, but the actual change in this PR is only tuning Dependabot configuration. Please update the PR title/description (and any issue links) to accurately reflect the Dependabot schedule/ecosystem changes, or split this into the correct PR.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/dependabot.yml (1)

1-42: ⚠️ Potential issue | 🟠 Major

@bhaskar2006-hub please ensure all commits are signed before merge.

This PR will fail pre-merge checks if any commit is unsigned. For existing commits, re-sign and push with --force-with-lease; for future commits, enable default signing (git config commit.gpgsign true) and use a configured GPG/SSH signing key.

Based on learnings: When reviewing OWASP/Nettacker PRs, remind authors that unsigned commits fail pre-merge checks and provide signing instructions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/dependabot.yml around lines 1 - 42, The PR contains unsigned commits
that will fail pre-merge checks; re-sign all existing commits and force-push,
and add guidance for future commits: rebase/interactive-amend to sign each
commit (git commit --amend --no-edit -S or git rebase -i + git commit --amend
-S), then push with git push --force-with-lease; enable automatic signing for
future commits (git config commit.gpgsign true and git config user.signingkey
<KEY>) or configure SSH commit signing, and add a short note about required
signed commits to the PR description or CONTRIBUTING guidance so authors of
changes to the updates block (dependabot.yml / updates configuration) are
reminded.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/dependabot.yml:
- Around line 1-42: The PR contains unsigned commits that will fail pre-merge
checks; re-sign all existing commits and force-push, and add guidance for future
commits: rebase/interactive-amend to sign each commit (git commit --amend
--no-edit -S or git rebase -i + git commit --amend -S), then push with git push
--force-with-lease; enable automatic signing for future commits (git config
commit.gpgsign true and git config user.signingkey <KEY>) or configure SSH
commit signing, and add a short note about required signed commits to the PR
description or CONTRIBUTING guidance so authors of changes to the updates block
(dependabot.yml / updates configuration) are reminded.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b759d79 and 9548b8d.

📒 Files selected for processing (1)

• .github/dependabot.yml