Skip to content

Add Dependabot configuration for automated dependency updates#15

Merged
PhantomDave merged 2 commits into
mainfrom
copilot/add-dependabot-config
Nov 14, 2025
Merged

Add Dependabot configuration for automated dependency updates#15
PhantomDave merged 2 commits into
mainfrom
copilot/add-dependabot-config

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Nov 14, 2025
edited
Loading

Adds .github/dependabot.yml to automate dependency updates across all package ecosystems in the monorepo.

Configuration

  • NuGet (Monday): Three separate configs for Api, Data, and Library projects to track .NET dependencies independently
  • npm (Tuesday): Frontend dependencies with major Angular version updates ignored to prevent breaking changes
  • Docker (Wednesday): Base image updates for mcr.microsoft.com/dotnet/* and postgres:18-alpine
  • GitHub Actions (Thursday): Workflow action version updates

Each ecosystem uses:

  • 3-5 open PR limit to prevent noise
  • chore(deps) conventional commit prefix
  • Appropriate labels for filtering (dependencies, dotnet/npm/docker/github-actions, backend/frontend)

Updates are staggered across weekdays to distribute review load and CI resource usage.

Original prompt

Create a dependabot.yml file for auto-updates

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@PhantomDave
Add comprehensive dependabot.yml configuration
14efcbc 
Co-authored-by: PhantomDave <34485699+PhantomDave@users.noreply.github.com>
Copilot AI changed the title [WIP] Add dependabot configuration for auto-updates Add Dependabot configuration for automated dependency updates Nov 14, 2025
Copilot AI requested a review from PhantomDave November 14, 2025 16:20
@PhantomDave PhantomDave marked this pull request as ready for review November 14, 2025 16:20
Copilot AI review requested due to automatic review settings November 14, 2025 16:20
@PhantomDave PhantomDave merged commit ade69db into main Nov 14, 2025
6 checks passed
@PhantomDave PhantomDave deleted the copilot/add-dependabot-config branch November 14, 2025 16:21
Copilot AI reviewed Nov 14, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a comprehensive Dependabot configuration to automate dependency updates across all package ecosystems in the monorepo.

  • Configures weekly automated updates for NuGet, npm, Docker, and GitHub Actions dependencies
  • Implements safeguards to prevent disruptive Angular major version updates
  • Staggers update schedules across weekdays to distribute CI load and review effort

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@PhantomDave PhantomDave Awaiting requested review from PhantomDave

Assignees

@PhantomDave PhantomDave

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@PhantomDave