@coliff coliff commented Sep 9, 2025

Changed Dependabot update intervals and pull request limits, updated super-linter action to a specific commit, removed lockfileVersion from .npmrc, and fixed the repository URL in package.json.

@coliff coliff requested a review from Copilot September 9, 2025 13:26
Copilot AI left a comment

Pull Request Overview

This PR updates project configuration and maintenance settings, including Dependabot configuration changes, workflow updates for better security, and package metadata corrections.

  • Modified Dependabot update intervals and pull request limits to reduce maintenance overhead
  • Updated super-linter action to use a specific commit hash for better security
  • Cleaned up package.json repository URL and removed unnecessary .npmrc configuration

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| package.json | Fixed repository URL format by removing git+ prefix |
| .npmrc | Removed lockfileVersion configuration setting |
| .github/workflows/super-linter.yml | Updated super-linter to use specific commit hash instead of tag |
| .github/dependabot.yml | Changed GitHub Actions update interval to monthly and reduced npm pull request limits to 1 |

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request contains several maintenance updates, including adjusting Dependabot's configuration, cleaning up the .npmrc file, and correcting the repository URL format in package.json. While most changes are beneficial for maintainability, I have one suggestion regarding the Dependabot schedule for GitHub Actions. Changing the update interval from weekly to monthly could delay important security patches, and I've recommended reverting this specific change to maintain a stronger security posture.

@coliff coliff merged commit 78d6ce4 into main Sep 9, 2025
14 checks passed
@coliff coliff deleted the dev/coliff/config-updates branch September 9, 2025 13:27