fix dependabot config

[kernelsam]

No description provided.

[github-actions]

🤖 Claude Code Review

Code Review Analysis

Summary

This PR changes the Dependabot cooldown configuration from exclude-patterns to exclude in the .github/dependabot.yml file. This appears to be a fix for incorrect Dependabot configuration syntax.

---

Review Checklist Results

Code Quality

• ✅ Code follows style guide: Configuration file changes are straightforward and follow YAML conventions. (Unable to fetch style guide due to permission restrictions, but the change appears syntactically correct)
• ✅ No commented-out code: No commented code present
• ✅ Meaningful variable names: Configuration keys are clear and standard Dependabot syntax
• ✅ DRY principle followed: The change is applied consistently to both package ecosystems (github-actions and pip)
• ✅ Identify Defects: This change fixes a defect. The original configuration used exclude-patterns which is not valid Dependabot syntax. The correct field is exclude. This fix should resolve any Dependabot configuration errors.
• ⚠️ Project memory: No .claude/CLAUDE.md file exists in this repository

Testing

• ⚠️ Unit tests for new functions: N/A - This is a configuration file change
• ⚠️ Integration tests for new endpoints: N/A - No code changes
• ⚠️ Edge cases covered: N/A - Configuration change
• ⚠️ Test coverage > 80%: N/A - No testable code changes

Note: While automated tests don't apply here, this change should be validated by:

1. Verifying Dependabot runs successfully after merge
2. Confirming that cooldown exclusions work as expected for senzing-factory/* dependencies

Documentation

• ✅ Readme updated if needed: Not required for internal configuration fix
• ✅ API docs updated: N/A - No API changes
• ✅ Inline comments for complex logic: N/A - Configuration is self-explanatory
• ❌ CHANGELOG.md updated: No CHANGELOG.md update found. This bug fix should be documented.
• ✅ Markdown files follow CommonMark: No markdown changes in this PR

Security

• ✅ No hardcoded credentials: No credentials present
• ✅ Input validation implemented: N/A - Configuration file
• ✅ Proper error handling: N/A - Configuration file
• ✅ No sensitive data in logs: No sensitive data
• ✅ No license files (.lic) or AQAAAD strings: None found

---

Issues Found

Critical

None

High

None

Medium

• ❌ Missing CHANGELOG entry (.github/dependabot.yml:8, :22): This bug fix should be documented in CHANGELOG.md with an entry describing the correction from exclude-patterns to exclude

Low

None

---

Recommendations

1. Add CHANGELOG entry: Document this fix with something like:

   ### Fixed
   - Corrected Dependabot cooldown configuration from invalid `exclude-patterns` to proper `exclude` syntax

2. Verification: After merging, monitor that Dependabot:

   • Runs without configuration errors
   • Properly applies the 21-day cooldown
   • Correctly excludes senzing-factory/* packages from cooldown

---

Overall Assessment

APPROVED with minor suggestion ✅

This is a valid bug fix that corrects invalid Dependabot configuration syntax. The change is:

• Syntactically correct
• Consistently applied to both package ecosystems
• Addresses the commit message "fix dependabot config"

The only missing piece is a CHANGELOG entry to document this fix for future reference.

Automated code review analyzing defects and coding standards

[github-actions]

Super-linter summary

Language	Validation result
CHECKOV	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Pass ✅
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
JSCPD	Pass ✅
PRE_COMMIT	Pass ✅
SPELL_CODESPELL	Pass ✅
TRIVY	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter