
Feat: Added Dependbot #370

Merged
shitrerohit merged 10 commits into main from Feat/dependbot-yaml
May 11, 2026

Contributor

@DeepakNemad DeepakNemad commented May 11, 2026

  • Added Dependabot yml file to auto-scan packages and raised the PR

Summary by CodeRabbit

  • Chores
    • Enabled automated weekly dependency updates to maintain project stability and security.


Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
@DeepakNemad DeepakNemad requested a review from sairanjit May 11, 2026 06:52
@DeepakNemad DeepakNemad self-assigned this May 11, 2026

coderabbitai Bot commented May 11, 2026


ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 01c5baee-a256-40f6-a56a-17f763533675

📥 Commits

Reviewing files that changed from the base of the PR and between 81b70b1 and 32e53ce.

📒 Files selected for processing (1)
  • Dockerfile

Walkthrough

Dependabot automation configuration is added to orchestrate weekly dependency updates across two ecosystems. NPM package updates run with a concurrency limit of 10 open pull requests; GitHub Actions updates run without a specific PR limit. Both are scheduled for Monday mornings in Asia/Kolkata timezone, targeting the main branch.

Changes

Dependabot Automation Configuration

| Layer / File(s) | Summary |
|---|---|
| NPM Dependency Updates (.github/dependabot.yml) | NPM packages are updated weekly on Mondays at 09:00 Asia/Kolkata, capped at 10 open PRs, with minor versions grouped and labeled as dependencies/yarn using chore commit prefix. |
| GitHub Actions Updates (.github/dependabot.yml) | GitHub Actions workflows are updated weekly on Mondays at 09:00 Asia/Kolkata with minor versions grouped and labeled as dependencies using ci commit prefix. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Hop along, the bots will help,
Dependencies now sorted with a yelp,
Monday mornings, nine o'clock chimes,
Updates grouped in perfect times,
Minor tweaks, no breaking strain,
Automation eases maintainer's pain! 🌱

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Feat: Added Dependbot' is related to the main change but contains a typo ('Dependbot' instead of 'Dependabot') and lacks specificity about what was configured. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/dependabot.yml (1)

7-12: 💤 Low value

Consider explicitly setting target-branch for consistency.

The GitHub Actions ecosystem configuration doesn't specify a target-branch, while the Yarn configuration explicitly targets "main". When omitted, Dependabot defaults to the repository's default branch. For consistency and clarity, consider adding target-branch: "main" to the GitHub Actions configuration as well.

📝 Suggested addition for consistency
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
+   target-branch: "main"
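Review bot: the added `target-branch: "main"` line only matters once this file is actually read, and the path shown for it, `.github/workflows/dependabot.yml`, is the one the inline comment in this same review says Dependabot will not pick up, so the move to `.github/dependabot.yml` should land first. If `main` is the default branch the line changes no behaviour for version updates, and GitHub's documentation for `target-branch` states that an entry using it no longer applies its settings to security-update pull requests; dropping `target-branch` from the Yarn entry instead would give the same consistency without that side effect.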
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/dependabot.yml around lines 7 - 12, Add an explicit
target-branch for the GitHub Actions Dependabot entry: locate the dependabot.yml
block with package-ecosystem "github-actions" and add target-branch: "main"
under that entry so it matches the Yarn configuration and ensures Dependabot
opens updates against the main branch consistently.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/dependabot.yml:
- Around line 1-23: The dependabot configuration file (dependabot.yml) is placed
under the workflows folder and thus won't be picked up; move the dependabot.yml
containing the top-level "updates:" config out of the workflows directory into
the repository's .github root (i.e., .github/dependabot.yml) so GitHub
recognizes and runs Dependabot, and ensure the file content (version: 2 and the
updates: entries for "github-actions" and "yarn") remains unchanged.

---

Nitpick comments:
In @.github/workflows/dependabot.yml:
- Around line 7-12: Add an explicit target-branch for the GitHub Actions
Dependabot entry: locate the dependabot.yml block with package-ecosystem
"github-actions" and add target-branch: "main" under that entry so it matches
the Yarn configuration and ensures Dependabot opens updates against the main
branch consistently.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cd88c067-80db-4cd4-b4f8-9ce740f152ae

📥 Commits

Reviewing files that changed from the base of the PR and between 21b0336 and 080ba1b.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • .github/workflows/dependabot.yml
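The placement problem raised in the inline comment above, written as a check a CI job could run. This is an added example, not code from this PR or from CodeRabbit; the function name and the MISPLACED / MISSING / BAD_VERSION / NO_UPDATES / ECOSYSTEM output labels are assumptions, and it treats `.github/dependabot.yml` as the only path that is read, as the review states.

```shell
#!/bin/sh
# Added example (hypothetical helper): verify that a repository's Dependabot
# config sits where the review says it must, and show what it covers.
# Usage: check_dependabot_config /path/to/repo

check_dependabot_config() {
  repo=${1%/}
  cfg="$repo/.github/dependabot.yml"
  status=0

  # A copy anywhere else under .github (here: .github/workflows/) is not read,
  # so dependency updates silently never start.
  strays=$(cd "$repo" 2>/dev/null &&
           find .github -type f -name 'dependabot.yml' \
                ! -path '.github/dependabot.yml' 2>/dev/null | sort) || true
  if [ -n "$strays" ]; then
    printf '%s\n' "$strays" | sed 's/^/MISPLACED /'
    status=1
  fi

  if [ ! -f "$cfg" ]; then
    echo "MISSING .github/dependabot.yml"
    return 1
  fi

  # Minimal content checks: the "version: 2" header and a top-level "updates:" key.
  grep -Eq '^version:[[:space:]]*2[[:space:]]*$' "$cfg" || { echo "BAD_VERSION"; status=1; }
  grep -Eq '^updates:' "$cfg" || { echo "NO_UPDATES"; status=1; }

  # List each declared ecosystem so a reviewer can see what is really covered.
  sed -nE 's/^[[:space:]]*-[[:space:]]*package-ecosystem:[[:space:]]*"?([^"[:space:]]+)"?.*/ECOSYSTEM \1/p' "$cfg"

  return "$status"
}
```

A non-zero return fails the CI step; the printed lines say whether the file is missing, misplaced or malformed.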

Comment thread .github/dependabot.yml Outdated
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>
Member

@sairanjit sairanjit left a comment


LGTM

@DeepakNemad DeepakNemad requested a review from shitrerohit May 11, 2026 07:59

@shitrerohit shitrerohit merged commit ca1d777 into main May 11, 2026
9 checks passed