@dthaler
Collaborator

@dthaler dthaler commented Sep 13, 2025

Major version changes are by definition breaking changes and dependabot cannot change the things they break (e.g., the reason PR #398 failed tests). Non-major changes are backwards compatible and safe to update with dependabot.

Summary by CodeRabbit

  • Chores
    • Streamlined automated dependency updates by consolidating multiple configurations into a single setup covering key areas.
    • Standardized the update cadence to a weekly schedule (Saturdays) for consistency.
    • Added a rule to ignore major version upgrades automatically to reduce breakage risk and noise.
    • No impact to user-facing features; this enhances reliability and maintainability of the update process.

Major version changes are by definition breaking changes and dependabot
cannot change the things they break (e.g., the reason PR #398 failed tests).
Non-major changes are backwards compatible and safe to update with dependabot.

Signed-off-by: Dave Thaler <[email protected]>
@coderabbitai
Contributor

coderabbitai bot commented Sep 13, 2025

Walkthrough

Consolidates Dependabot NuGet configuration into a single entry covering multiple directories, adds a rule to ignore semver-major updates, and standardizes scheduling to weekly on Saturday. Removes separate daily entries for /Test and /TransferData.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependabot configuration: /.github/dependabot.yml | Consolidated NuGet updates into one entry with directories: ["/OrcanodeMonitor", "/Test", "/TransferData"]; removed separate /Test and /TransferData entries; added ignore rule for all semver-major updates; retained weekly Saturday schedule; placed ignore block within the consolidated entry. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Scheduler as GitHub Schedule
  participant Dependabot as Dependabot
  participant Repos as Repo Dirs\n/OrcanodeMonitor, /Test, /TransferData
  participant PRs as Pull Requests

  Scheduler->>Dependabot: Weekly trigger (Saturday)
  Dependabot->>Repos: Scan NuGet dependencies
  Note over Dependabot,Repos: Apply ignore rule: skip semver-major updates
  Dependabot->>PRs: Create/update PRs for eligible updates
  PRs-->>Dependabot: Status feedback (success/fail)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

Thump, thump—my paws approve this tune,
One list to rule the feeds by noon.
Majors ignored, no sudden leaps,
Weekly hops where Dependabot peeps.
Three burrows watched, neat and spry—
A tidy warren under Saturday sky. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title "Update dependabot settings" succinctly and accurately captures the main change in this PR—modifying .github/dependabot.yml to consolidate NuGet update entries and ignore semver-major updates—and it aligns with the PR description. It is a single, concise sentence that avoids extraneous detail and clearly signals the intent to teammates scanning history. Therefore the title is fully related to the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

@dthaler dthaler requested a review from Copilot September 13, 2025 15:55
Contributor

Copilot AI left a comment

Pull Request Overview

Updates dependabot configuration to exclude major version updates and consolidate NuGet package monitoring across multiple directories. Major version updates are excluded because they represent breaking changes that dependabot cannot automatically resolve.

  • Consolidates three separate NuGet package ecosystem entries into a single entry covering all directories
  • Adds ignore rule to exclude major version updates (semver-major) for all dependencies
  • Changes update schedule from daily to weekly for NuGet packages

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/dependabot.yml (1)

28-30: Rename group for clarity.

Minor: the group name actions under the NuGet block can be confusing. Consider a neutral name like nuget-all to avoid implying it relates to GitHub Actions.

-    groups:
-      actions:
+    groups:
+      nuget-all:
         patterns:
           - "*"
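Review bot: On the `+` lines, renaming the group key from `actions` to `nuget-all` also changes the name Dependabot puts in grouped PR titles and branch names, so any branch rule or automation that matches on the old group name needs the same rename. The unchanged `patterns: - "*"` context lines still place every NuGet update covered by this entry in a single PR; if that is intended, a one-line comment above `groups:` saying so would document it.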
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 185188b and c31c699.

📒 Files selected for processing (1)
  • .github/dependabot.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: build_windows (Release)
  • GitHub Check: build_windows (Debug)
  • GitHub Check: Analyze (csharp)
🔇 Additional comments (2)
.github/dependabot.yml (2)

20-23: Use of directories looks correct; verify paths.

directories is a supported key to apply one config across multiple folders. Ensure these three paths are accurate and that there are no other NuGet update blocks targeting overlapping directories/branches. (docs.github.com)


31-34: Blocking semver-major updates is configured correctly.

The ignore rule with dependency-name: "*" and update-types: ["version-update:semver-major"] will suppress PRs for major version bumps while keeping security updates unaffected. This aligns with the PR goal. (docs.github.com)

@dthaler dthaler merged commit 62ecb2e into main Sep 13, 2025
8 checks passed
@dthaler dthaler deleted the dependabot-no-major branch September 13, 2025 16:00
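The overlap check the review asks for on lines 20-23, combined with a check that every update entry carries the semver-major ignore rule, as an added example that is not part of this PR or the repository. The sample config is constructed from the values quoted in this conversation plus a hypothetical leftover `/Test` entry; `audit_dependabot` and its helpers are hypothetical names.

```ruby
require "yaml"

# Constructed sample: the consolidated NuGet entry described in this PR,
# plus a leftover per-directory entry of the kind the PR removed.
SAMPLE = <<~YAML
  version: 2
  updates:
    - package-ecosystem: "nuget"
      directories: ["/OrcanodeMonitor", "/Test", "/TransferData"]
      schedule: { interval: "weekly", day: "saturday" }
      ignore:
        - dependency-name: "*"
          update-types: ["version-update:semver-major"]
    - package-ecosystem: "nuget"
      directory: "/Test"
      schedule: { interval: "daily" }
YAML

# Directories an update entry covers, whether it uses `directory` or `directories`.
def entry_dirs(entry)
  Array(entry["directories"]) + Array(entry["directory"])
end

# True when the entry ignores semver-major version updates for every dependency.
def ignores_all_majors?(entry)
  Array(entry["ignore"]).any? do |rule|
    rule["dependency-name"] == "*" &&
      Array(rule["update-types"]).include?("version-update:semver-major")
  end
end

# Returns overlaps as [ecosystem, target-branch, dir] triples claimed by more
# than one entry, and majors_allowed as [ecosystem, dirs] for entries lacking the rule.
def audit_dependabot(yaml_text)
  updates = Array(YAML.safe_load(yaml_text)["updates"])
  seen = Hash.new(0)
  updates.each do |e|
    entry_dirs(e).uniq.each { |d| seen[[e["package-ecosystem"], e["target-branch"], d]] += 1 }
  end
  {
    overlaps: seen.select { |_, n| n > 1 }.keys,
    majors_allowed: updates.reject { |e| ignores_all_majors?(e) }
                           .map { |e| [e["package-ecosystem"], entry_dirs(e)] }
  }
end

puts audit_dependabot(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

Run against the repository's own `.github/dependabot.yml` by passing `File.read` of that path; an empty `overlaps` list and an empty `majors_allowed` list mean the consolidation left no stray entry behind.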