Configure Dependabot for npm and GitHub Actions #6

Merged
hawkeyexl merged 1 commit into main from dependabot-config
Feb 27, 2026

@hawkeyexl hawkeyexl commented Feb 27, 2026

Added npm and GitHub Actions package ecosystems for Dependabot updates.

Summary by CodeRabbit

  • Chores
    • Configured automated weekly dependency updates for GitHub Actions and npm packages.

Added npm and GitHub Actions package ecosystems for Dependabot updates.
Copilot AI review requested due to automatic review settings February 27, 2026 17:50

coderabbitai bot commented Feb 27, 2026

Walkthrough

A new Dependabot configuration file is added to enable automated dependency updates. The configuration specifies weekly update schedules for GitHub Actions and npm packages, establishing a consistent maintenance routine for project dependencies.

Changes

Cohort / File(s) | Summary
Dependabot Configuration: .github/dependabot.yml | Adds Dependabot v2 configuration with weekly update schedules for GitHub Actions and npm package managers.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A rabbit hops with glee so bright,
Dependencies fresh, kept up-to-date each night,
Dependabot configured with care,
Weekly updates floating through the air! 🚀✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title directly and clearly summarizes the main change: adding Dependabot configuration for npm and GitHub Actions, which matches the actual changeset that adds a .github/dependabot.yml file with these two ecosystems.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Copilot AI left a comment

Pull request overview

This PR adds Dependabot version update configuration to automate dependency updates for both npm packages and GitHub Actions workflows. The configuration enables weekly automated checks for dependency updates in both ecosystems.

Changes:

  • Added .github/dependabot.yml with npm and GitHub Actions package ecosystem configurations

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
.github/dependabot.yml (1)

10-15: Consider pinning schedule day/time/timezone for predictable update windows.

interval: "weekly" works, but adding day, time, and timezone helps avoid noisy PR timing and makes maintenance windows explicit.

Suggested refinement
 version: 2
 updates:
   - package-ecosystem: "github-actions" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
   - package-ecosystem: "npm" # See documentation for possible values
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "UTC"
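
Review bot: the added time: "09:00" in both schedule blocks does not match the time: "03:00" example given in the agent prompt attached to this same suggestion, so a fix generated from the prompt would produce a different file than this diff; pick one value and use it in both places. Both entries also receive the same day, time and timezone, which puts the github-actions and npm update PRs in the same window; if they should be reviewed separately, give one entry a different day.
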
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/dependabot.yml around lines 10 - 15, The dependabot schedule
currently only uses interval: "weekly"; update the schedule blocks (the
schedule: mapping associated with package-ecosystem/npm and any other
package-ecosystem entries) to include explicit day, time, and timezone keys
(e.g., add day: "monday", time: "03:00", timezone: "UTC" or your chosen values)
so weekly updates run at a predictable window; ensure each package-ecosystem
block that has schedule: interval: "weekly" is updated (look for the schedule
and package-ecosystem keys in the diff) and keep the interval key while adding
the new day/time/timezone fields.
ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb613df and 2e340b1.

📒 Files selected for processing (1)
  • .github/dependabot.yml

@hawkeyexl hawkeyexl merged commit c986d7f into main Feb 27, 2026
6 checks passed
@hawkeyexl hawkeyexl deleted the dependabot-config branch February 27, 2026 18:00