Update dependabot configuration #3493

Merged
arkid15r merged 1 commit into vacanza:dev from arkid15r:ark/update-dependabot-config
Apr 3, 2026
@arkid15r arkid15r commented Apr 2, 2026

Collaborator

Proposed change

Changes

  • 21-day cooldown for version updates on both the uv and github-actions ecosystems. New releases are only proposed after they have been out for three weeks. Cooldown applies to version updates only; it does not apply to Dependabot security updates.
  • Grouped version updates via a version-updates group with applies-to: version-updates and pattern '*', so routine dependency bumps are combined into one PR per ecosystem instead of many small ones. Security updates stay on their own PRs unless you add a separate security group later.
  • YAML style: top-level keys after package-ecosystem are ordered alphabetically (cooldown, directory, groups, schedule, target-branch); nested schedule keys use day then interval; string literals use single quotes.

Type of change

  • New country/market holidays support (thank you!)
  • Supported country/market holidays update (calendar discrepancy fix, localization)
  • Existing code/documentation/test/process quality improvement (best practice, cleanup, refactoring, optimization)
  • Dependency update (version deprecation/pin/upgrade)
  • Bugfix (non-breaking change which fixes an issue)
  • Breaking change (a code change causing existing functionality to break)
  • New feature (new holidays functionality in general)

Checklist
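
Added example, not part of the pull request and not the project's actual file: a `.github/dependabot.yml` laid out the way the description above states (21-day cooldown, one `version-updates` group per ecosystem, alphabetical keys after `package-ecosystem`, `day` before `interval`, single-quoted strings). The `directory`, `schedule` and `target-branch` values are assumptions, since the page does not show them.

```yaml
version: 2
updates:
  - package-ecosystem: 'github-actions'
    cooldown:
      # Version updates are proposed only once a release is at least
      # 21 days old. Dependabot security updates ignore the cooldown.
      default-days: 21
    directory: '/'            # assumed
    groups:
      version-updates:
        # Limit the group to routine bumps; security updates keep
        # their own PRs because no security-updates group is defined.
        applies-to: version-updates
        patterns:
          - '*'
    schedule:
      day: 'monday'           # assumed
      interval: 'weekly'      # assumed
    target-branch: 'dev'      # assumed from the PR's base branch

  - package-ecosystem: 'uv'
    cooldown:
      default-days: 21
    directory: '/'            # assumed
    groups:
      version-updates:
        applies-to: version-updates
        patterns:
          - '*'
    schedule:
      day: 'monday'           # assumed
      interval: 'weekly'      # assumed
    target-branch: 'dev'      # assumed from the PR's base branch
```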

coderabbitai Bot commented Apr 2, 2026

Contributor

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between cf0afe0 and 3c2bcac.

📒 Files selected for processing (1)
  • .github/dependabot.yml

Summary by CodeRabbit

  • Chores
    • Updated dependency management configuration to optimize update scheduling and grouping of version updates with a 21-day cooldown period.

Walkthrough

The Dependabot configuration was updated to add a 21-day cooldown period and create a version-updates group for coordinating dependency updates. The package-ecosystem entries were reordered with github-actions appearing first and uv second, while maintaining existing directory and branch settings.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependabot Configuration: .github/dependabot.yml | Added 21-day cooldown period, created version-updates group to coordinate dependency updates, reordered package-ecosystem entries (github-actions first, uv second), maintained directory and branch settings across both entries. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

ci

Suggested reviewers

  • KJhellico
  • PPsyrius
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title directly and clearly describes the main change—updating the Dependabot configuration file with new cooldown, grouping, and style improvements. |
| Description check | ✅ Passed | The description is well-related to the changeset, detailing the three main updates: 21-day cooldown, version-update grouping, and YAML style standardization. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


sonarqubecloud Bot commented Apr 2, 2026

codecov Bot commented Apr 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (4368ea6) to head (3c2bcac).
⚠️ Report is 10 commits behind head on dev.

Additional details and impacted files
@@            Coverage Diff            @@
##               dev     #3493   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          312       312           
  Lines        18644     18644           
  Branches      2383      2383           
=========================================
  Hits         18644     18644           


@arkid15r arkid15r marked this pull request as ready for review April 3, 2026 00:18
@arkid15r arkid15r enabled auto-merge April 3, 2026 00:18

@PPsyrius PPsyrius left a comment

Collaborator

LGTM 🛠️

This is pretty warranted considering all the recent supply-chain attacks

@arkid15r arkid15r added this pull request to the merge queue Apr 3, 2026
Merged via the queue into vacanza:dev with commit 69e72fb Apr 3, 2026
32 checks passed
@arkid15r arkid15r deleted the ark/update-dependabot-config branch April 3, 2026 03:36
@KJhellico KJhellico mentioned this pull request Apr 6, 2026