chore(dependabot): Include GitHub Actions in Dependabot config #274
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mcmire
approved these changes
Oct 30, 2025
Contributor
mcmire
left a comment
mcmire
left a comment
There was a problem hiding this comment.
Did not know you could do this. Sounds great to me.
4 tasks
Mrtenz
added a commit
to MetaMask/core
that referenced
this pull request
Oct 31, 2025
## Explanation This adds `actions/*` and `MetaMask/*` to the Dependabot config, ensuring we keep these actions up to date as well. I've limited it to these two, since we do use some other actions which are usually pinned to a specific hash, and require explicit approval to be used first. ## References MetaMask/metamask-module-template#274 ## Checklist - [ ] I've updated the test suite for new or updated code as appropriate - [ ] I've updated documentation (JSDoc, Markdown, etc.) for new or updated code as appropriate - [ ] I've communicated my changes to consumers by [updating changelogs for packages I've changed](https://github.com/MetaMask/core/tree/main/docs/contributing.md#updating-changelogs), highlighting breaking changes as necessary - [ ] I've prepared draft pull requests for clients and consumer packages to resolve any breaking changes <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Adds Dependabot config for GitHub Actions with daily 06:00 runs on main, allowing MetaMask/* and actions/*, and capping open PRs at 10. > > - **Dependabot configuration**: > - **GitHub Actions updates**: Add `package-ecosystem: github-actions` with daily schedule at `06:00`, targeting `main`. > - Allow only `MetaMask/*` and `actions/*`. > - Set `open-pull-requests-limit` to `10`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 92188fd. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This was referenced Nov 19, 2025
Mrtenz
added a commit
to MetaMask/action-retry-command
that referenced
this pull request
Nov 19, 2025
This adds `actions/*` and `MetaMask/*` to the Dependabot config, ensuring we keep these actions up to date. I've limited it to these two, since we do use some other actions which are usually pinned to a specific hash, and require explicit approval to be used first. See MetaMask/metamask-module-template/pull/274 for reference. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Add Dependabot config to update GitHub Actions (MetaMask/*, actions/*) daily on main. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit fc1fd12. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
Mrtenz
added a commit
to MetaMask/action-checkout-and-setup
that referenced
this pull request
Nov 19, 2025
<!-- Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes: * What is the current state of things and why does it need to change? * What is the solution your changes offer and how does it work? Are there any issues or other links reviewers should consult to understand this pull request better? For instance: * Fixes #12345 * See: #67890 --> This adds `actions/*` and `MetaMask/*` to the Dependabot config, ensuring we keep these actions up to date. I've limited it to these two, since we do use some other actions which are usually pinned to a specific hash, and require explicit approval to be used first. See MetaMask/metamask-module-template/pull/274 for reference. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Adds Dependabot config to update GitHub Actions (MetaMask/* and actions/*) daily on main. > > - **Dependabot**: > - Add `github-actions` ecosystem in `.github/dependabot.yml`. > - Allows `MetaMask/*` and `actions/*`. > - Scheduled daily at `06:00`, targets `main`, PR limit `10`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit d672cfb. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds
actions/*andMetaMask/*to the Dependabot config, ensuring we keep these actions up to date as well. I've limited it to these two, since we do use some other actions which are usually pinned to a specific hash, and require explicit approval to be used first.Note
Adds a Dependabot update block for GitHub Actions, allowing MetaMask/* and actions/* with a daily schedule.
/.github/dependabot.yml:github-actionsupdate configuration with daily schedule, targetingmain, allowingMetaMask/*andactions/*, usingincrease-if-necessary, and limiting open PRs to 10.Written by Cursor Bugbot for commit 394e989. This will update automatically on new commits. Configure here.