Skip to content

ci(dep): update dependabot configuration #2338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 16, 2025
Merged

ci(dep): update dependabot configuration #2338

merged 1 commit into from
Oct 16, 2025

Conversation

@vprashar2929
Copy link
Collaborator

@vprashar2929 vprashar2929 commented Oct 15, 2025
edited
Loading

This commit updates the existing dependabot configuration:

Changes include:

  • Explicitly set PR limits to 5
  • Add labels - All PRs will be tagged with:
    • dependencies (common label)
    • Ecosystem label (go, github-actions)

@github-actions github-actions bot added the ci Changes to the CI pipeline label Oct 15, 2025
@vprashar2929
ci(dep): update dependabot configuration
8984ab4 
This commit updates the existing dependabot configuration:

Changes include:
* Explicitly set PR limits to 5
* Add labels - All PRs will be tagged with:
  * `dependencies` (common label)
  * Ecosystem label (go, github-actions)

Signed-off-by: vprashar2929 <[email protected]>
SamYuan1990
SamYuan1990 reviewed Oct 15, 2025
View reviewed changes
.github/dependabot.yml
update-types: [version-update:semver-major, version-update:semver-minor]
commit-message:
include: scope
open-pull-requests-limit: 5
Copy link
Collaborator

@SamYuan1990 SamYuan1990 Oct 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need limit PR number to 5?
in an edge case, we meet this limitation and a new cve happens in one of our dependency.
a new patch is ready on upstream, can we benefits from https://github.com/sustainable-computing-io/kepler/security/dependabot to open a new PR as #2247 for now, over the limitation, having the 6 PRs and patched?

Copy link
Collaborator

@sthaha sthaha Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets start with 5 (since the PR is already mergable). If in future, we have to raise the number, we can deal with it then.

SamYuan1990
SamYuan1990 approved these changes Oct 15, 2025
View reviewed changes
Copy link
Collaborator

@SamYuan1990 SamYuan1990 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, leave comments.

sthaha
sthaha approved these changes Oct 16, 2025
View reviewed changes
.github/dependabot.yml
update-types: [version-update:semver-major, version-update:semver-minor]
commit-message:
include: scope
open-pull-requests-limit: 5
Copy link
Collaborator

@sthaha sthaha Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets start with 5 (since the PR is already mergable). If in future, we have to raise the number, we can deal with it then.

@sthaha sthaha merged commit 2213b38 into sustainable-computing-io:main Oct 16, 2025
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sthaha sthaha sthaha approved these changes

@SamYuan1990 SamYuan1990 SamYuan1990 approved these changes

Assignees

No one assigned

Labels

ci Changes to the CI pipeline

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vprashar2929 @sthaha @SamYuan1990