
MAINT: add dependabot configuration #1835

Merged: spencrr merged 2 commits into microsoft:main from spencrr:dev/spencrr/dependabot on May 29, 2026


@spencrr spencrr commented May 29, 2026

Description

Adds .github/dependabot.yml to enable automated dependency update PRs, modeled on the configuration in microsoft/RAMPART and adapted to PyRIT's stack.

Ecosystems covered:

  • uv at / — updates pyproject.toml + uv.lock together
  • npm at /frontend
  • github-actions at /
  • pre-commit at /
  • docker at /docker and /.devcontainer
  • devcontainers at /

Conventions:

  • Weekly schedule
  • Commit/PR prefix MAINT (per PULL_REQUEST_TEMPLATE.md)
  • Minor + patch updates grouped per ecosystem to reduce PR noise; majors still come as individual PRs
  • Reviews auto-requested from @microsoft/ai-red-team-dev

No ignore rules and no target-branch override (defaults to main).

Tests and Documentation

No code changes; configuration-only. YAML validated locally. Behavior will be observable once merged via PRs opened by the Dependabot bot. No JupyText runs applicable.
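The conventions listed in the description map onto Dependabot's configuration keys roughly as follows. This is an added illustration, not the `.github/dependabot.yml` merged in this pull request: it shows only four of the six ecosystems, the group names are hypothetical, and reviewer assignment is left out.

```yaml
# Added illustration: NOT the file from this PR. Group names are hypothetical.
version: 2
updates:
  - package-ecosystem: "uv"          # pyproject.toml and uv.lock updated together
    directory: "/"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "MAINT"                # matches the PR title convention
    groups:
      uv-minor-patch:                # hypothetical group name
        patterns: ["*"]
        update-types: ["minor", "patch"]
    # Major bumps match no group, so each one arrives as its own PR.

  - package-ecosystem: "npm"
    directory: "/frontend"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "MAINT"
    groups:
      npm-minor-patch:               # hypothetical group name
        patterns: ["*"]
        update-types: ["minor", "patch"]

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "MAINT"

  - package-ecosystem: "docker"
    directories:                     # one entry covering both Dockerfile locations
      - "/docker"
      - "/.devcontainer"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "MAINT"
    # No ignore rules and no target-branch key: updates target the default branch.
```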


Copilot AI left a comment


Pull request overview

Adds Dependabot configuration for PyRIT so dependency updates can be raised automatically across Python, frontend, workflow, hook, Docker, and devcontainer ecosystems.

Changes:

  • Adds weekly Dependabot update entries for uv, npm, GitHub Actions, pre-commit, Docker, and devcontainers.
  • Applies MAINT commit prefixes and requests review from microsoft/ai-red-team-dev.
  • Groups minor and patch updates for most configured ecosystems.

Comment thread .github/dependabot.yml
Comment thread .github/dependabot.yml
Comment thread .github/dependabot.yml
spencrr added 2 commits May 29, 2026 14:12
Configures Dependabot for uv, npm (frontend), GitHub Actions,
pre-commit, Docker, and devcontainers. Weekly cadence, grouped
minor/patch updates, reviews requested from microsoft/ai-red-team-dev.
@spencrr spencrr force-pushed the dev/spencrr/dependabot branch from 2c40000 to caa1823 Compare May 29, 2026 21:13
@spencrr spencrr added this pull request to the merge queue May 29, 2026
Merged via the queue into microsoft:main with commit 919fcd9 May 29, 2026
48 checks passed
@spencrr spencrr deleted the dev/spencrr/dependabot branch May 29, 2026 22:16