Commit 134dfb8
* Dependabot: cover Python deps (uv); retire the broken uv-upgrade bot
dependabot.yml only watched github-actions, so Python dependencies were
unmanaged by Dependabot. The home-grown uv-upgrade.yml bot filled that gap
but its PRs can never trigger CI (GITHUB_TOKEN-opened PRs don't fire
workflows), so branch protection blocked them indefinitely (#416).
Add the `uv` package-ecosystem to dependabot.yml (grouped into one PR) and
remove uv-upgrade.yml. Dependabot-opened PRs run CI normally and it manages
uv.lock natively. Closes #416.
GitHub-settings security is already on (Dependabot alerts + security updates,
secret scanning, push protection); this fills the version-update gap.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* Fix dependabot.yml comment to match grouped behavior
The python-deps group batches all updates into one PR; the comment
incorrectly said per-dependency PRs (Copilot review). Grouping is intended
(mirrors the old bulk uv-upgrade, less noise).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 1431939 commit 134dfb8
2 files changed
Lines changed: 18 additions & 35 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
3 | 4 | | |
4 | 5 | | |
5 | 6 | | |
6 | 7 | | |
7 | 8 | | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
This file was deleted.
0 commit comments