Skip to content

Add a Dependabot configuration for the npm package ecosystem#99

Merged
mcdonnnj merged 1 commit intodevelopfrom
improvement/update_dependabot_configuration
Mar 2, 2026
Merged

Add a Dependabot configuration for the npm package ecosystem#99
mcdonnnj merged 1 commit intodevelopfrom
improvement/update_dependabot_configuration

Conversation

@mcdonnnj
Copy link
Member

@mcdonnnj mcdonnnj commented Mar 2, 2026

🗣 Description

This pull request adds a configuration for Dependabot to check npm dependencies weekly.

💭 Motivation and context

This was not done when this project was converted to a JavaScript project in #80. Dependabot has done some PRs for JavaScript dependencies, but I believe we should have an explicit configuration appropriate for the project.

🧪 Testing

Automated tests pass.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

@mcdonnnj
Add a Dependabot configuration for npm
02492a4 
This was not done when this project was converted to a JavaScript
project in #80. This rectifies that oversight so Dependabot will update
the project's dependencies.
@mcdonnnj mcdonnnj requested a review from Copilot March 2, 2026 20:20
@mcdonnnj mcdonnnj self-assigned this Mar 2, 2026
@mcdonnnj mcdonnnj requested review from dav3r, felddy and jsf9k as code owners March 2, 2026 20:20
@mcdonnnj mcdonnnj added improvement This issue or pull request will add or improve functionality, maintainability, or ease of use dependencies Pull requests that update a dependency file labels Mar 2, 2026
@mcdonnnj mcdonnnj enabled auto-merge March 2, 2026 20:20
Copilot AI reviewed Mar 2, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds an explicit Dependabot configuration entry for the npm package ecosystem to ensure JavaScript dependencies are checked weekly.

Changes:

  • Added a new npm package ecosystem entry to the existing Dependabot configuration

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

dav3r
dav3r approved these changes Mar 2, 2026
View reviewed changes
Copy link
Member

@dav3r dav3r left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mcdonnnj mcdonnnj merged commit b896670 into develop Mar 2, 2026
16 checks passed
@mcdonnnj mcdonnnj deleted the improvement/update_dependabot_configuration branch March 2, 2026 20:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jsf9k jsf9k jsf9k approved these changes

@dav3r dav3r dav3r approved these changes

@felddy felddy Awaiting requested review from felddy felddy is a code owner

Assignees

@mcdonnnj mcdonnnj

Labels

dependencies Pull requests that update a dependency file improvement This issue or pull request will add or improve functionality, maintainability, or ease of use

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mcdonnnj @jsf9k @dav3r