
ci: add Dependabot config for bundler and GitHub Actions#202

Merged: mmcky merged 1 commit into main from fix/93-dependabot-config on May 5, 2026

Conversation

@mmcky (Collaborator) commented May 5, 2026

Summary

Adds .github/dependabot.yml to enable automated dependency update PRs. The original jQuery XSS alerts raised in #93 have already been resolved; this config ensures future vulnerabilities and updates are surfaced automatically.

What's configured

| Ecosystem | Directory | Schedule |
| --- | --- | --- |
| bundler | / | Weekly — keeps Jekyll gems (Gemfile.lock) current |
| github-actions | / | Weekly — keeps workflow action versions current (e.g. actions/checkout, ruby/setup-ruby) |

No npm/yarn ecosystem is needed — the repo has no package.json.

Closes #93

Enables automated dependency update PRs for:
- bundler: weekly updates for Jekyll gems (Gemfile/Gemfile.lock)
- github-actions: weekly updates for workflow action versions

The original jQuery XSS alerts have already been resolved. This config
ensures future dependency updates are surfaced automatically rather than
requiring manual monitoring.

Closes #93
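The configuration the description outlines, written out as an added example: this is a reconstruction from the PR text, not the `.github/dependabot.yml` merged in this PR, and it assumes the defaults implied there (both ecosystems scanned from the repo root, weekly interval).

```yaml
# .github/dependabot.yml (reconstructed from the PR description; not the merged file)
version: 2
updates:
  # Jekyll gems: Dependabot reads Gemfile/Gemfile.lock at the repo root
  # and opens a PR when a gem has a newer release or a security advisory.
  - package-ecosystem: "bundler"
    directory: "/"
    schedule:
      interval: "weekly"

  # Workflow actions: pins such as actions/checkout and ruby/setup-ruby
  # in .github/workflows/ are bumped the same way.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

No npm entry is needed because, as noted above, the repo has no package.json; Dependabot only opens update PRs for ecosystems whose manifests it finds at the given directory.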
Copilot AI review requested due to automatic review settings May 5, 2026 03:34

netlify Bot commented May 5, 2026

Deploy Preview for grand-swan-ca5201 ready!

| Name | Link |
| --- | --- |
| Latest commit | af0fcb6 |
| Latest deploy log | https://app.netlify.com/projects/grand-swan-ca5201/deploys/69f9653fc5c80e000866b112 |
| Deploy Preview | https://deploy-preview-202--grand-swan-ca5201.netlify.app |

Copilot AI (Contributor) left a comment

Pull request overview

This PR adds a Dependabot configuration to the QuantEcon Jekyll website repo so automated PRs are opened for routine dependency updates (Ruby gems and GitHub Actions), helping keep security fixes and version bumps visible over time.

Changes:

  • Added Dependabot updates for bundler at repo root (Gemfile.lock) on a weekly schedule.
  • Added Dependabot updates for github-actions at repo root (.github/workflows/*) on a weekly schedule.

@mmcky mmcky merged commit 13750a9 into main May 5, 2026
9 checks passed
@mmcky mmcky deleted the fix/93-dependabot-config branch May 5, 2026 03:40


Development

Linked issue: Fix Dependabot jQuery XSS potential vulnerabilities

2 participants