Skip to content

chore(ci): dependabot enhancements — cooldown, labels, CC prefix, security group#19

Merged
Exploitacious merged 1 commit intomainfrom
chore/dependabot-enhancements
May 1, 2026
Merged

chore(ci): dependabot enhancements — cooldown, labels, CC prefix, security group#19
Exploitacious merged 1 commit intomainfrom
chore/dependabot-enhancements

Conversation

@Exploitacious
Copy link
Copy Markdown
Owner

@Exploitacious Exploitacious commented May 1, 2026

Layer of Dependabot polish on top of the grouped config:

  • Cooldown: 5-day default (7 for Terraform) waits past freshly-yanked / quickly-superseded releases.
  • open-pull-requests-limit: 10 — gives breathing room since groups already collapse weekly noise.
  • commit-message.prefix: chore(deps) (chore(deps-dev) for development deps, include: scope) keeps Dependabot subjects compliant with each repo's Conventional-Commits enforcement.
  • labels: [dependencies, <ecosystem>] auto-tags PRs for filter views.
  • security: group with applies-to: security-updates so out-of-cycle CVE bumps land as one PR per ecosystem instead of fragmenting across directories.

@Exploitacious
chore(ci): dependabot enhancements — cooldown, labels, CC prefix, sec…
90a642d 
…urity group

5-day cooldown + open-pull-requests-limit=10 + chore(deps) prefix +
dependencies/<ecosystem> labels + security-updates group. Also
ignores Astro major version bumps until a deliberate upgrade.
@Exploitacious Exploitacious merged commit 3fcb7d1 into main May 1, 2026
@Exploitacious Exploitacious deleted the chore/dependabot-enhancements branch May 1, 2026 22:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Exploitacious