Conversation

@egordidenko egordidenko commented Aug 12, 2025

Description

Checklist

Summary by CodeRabbit

  • Chores
    • Enabled automated dependency updates for npm packages to keep the app current with fixes and security patches.
    • Scheduled daily checks to streamline maintenance and reduce technical debt.
    • Improves reliability and security over time with minimal manual intervention.
    • No changes to user-facing functionality or UI.

coderabbitai bot commented Aug 12, 2025

Walkthrough

Introduces Dependabot configuration to automate npm dependency updates at repository root, scheduled daily, allowing updates for @uploadcare/file-uploader, using versioning strategy “increase,” and assigning PRs to egordidenko and nd0ut.

Changes

Cohort / File(s): Dependabot Configuration (/.github/dependabot.yml)
Summary: Adds Dependabot v2 config: ecosystem npm at /, daily schedule, allow list for @uploadcare/file-uploader, versioning-strategy: increase, assignees: egordidenko, nd0ut.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

@egordidenko egordidenko requested a review from Copilot August 12, 2025 19:02
Copilot AI left a comment

Pull Request Overview

This PR adds Dependabot configuration to automatically manage dependency updates for the project. It sets up daily automated dependency checking specifically for the @uploadcare/file-uploader package with automatic version increases and assigns updates to specific team members.

  • Introduces Dependabot automation for npm dependency management
  • Configures daily schedule for dependency updates
  • Restricts updates to a specific package with designated assignees

    schedule:
      interval: "daily"
    allow:
      - dependency-name: "@uploadcare/file-uploader"
Copilot AI Aug 12, 2025

Using 'allow' with a single dependency severely limits Dependabot's effectiveness. Consider using 'ignore' to exclude specific packages instead, or remove the 'allow' section entirely to enable updates for all dependencies.

Suggested change
- dependency-name: "@uploadcare/file-uploader"

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
Copilot AI Aug 12, 2025

[nitpick] Daily dependency updates can create excessive noise and PR volume. Consider using 'weekly' or 'monthly' interval to balance security updates with manageable PR frequency.

Suggested change
interval: "daily"
interval: "weekly"

@loookashow loookashow self-requested a review August 12, 2025 19:04
@egordidenko egordidenko merged commit 9d2ba83 into main Aug 12, 2025
4 checks passed
@egordidenko egordidenko deleted the chore/ci-dependabot branch August 12, 2025 19:05
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (5)
.github/dependabot.yml (5)

7-9: Allow-list limits updates to a single dependency. Verify intent.

With allow set to just "@uploadcare/file-uploader", Dependabot won’t open PRs for other dependencies or transitive security advisories. If you intended general updates, remove the allow block.

Apply this diff to allow all dependencies:

-    allow:
-      - dependency-name: "@uploadcare/file-uploader"
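Review bot: deleting the allow block while the daily interval stays means Dependabot will open version-update PRs for every npm dependency at the root, not only @uploadcare/file-uploader, and the "second updates block with security-only scope" proposed below has no direct equivalent in the allow key, whose filters are dependency-name and dependency-type. If broad coverage is the intent, pair this deletion with an explicit open-pull-requests-limit (the default is 5) so the daily cadence does not flood the repository with open PRs.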

If you want both targeted updates and security fixes broadly, keep this entry and add a second updates block with security-only scope.


9-9: Double-check versioning strategy aligns with repo goals.

  • increase: bumps package.json ranges (more churn, latest features). Current choice.
  • lockfile-only: stabilizes package.json and updates only lockfiles (good for examples/tutorials).
  • widen: relaxes range specifiers (less common).

If the examples should remain within declared ranges, consider lockfile-only.


5-6: Optional: Specify time and timezone to control PR noise.

Setting a time and timezone helps schedule updates off-hours.

Apply this diff:

     schedule:
       interval: "daily"
+      time: "04:00"
+      timezone: "UTC"

10-12: Add labels and commit-message prefix to match conventional commits.

This repo appears to use conventional commits. Adding labels and commit-message config keeps history consistent and filtering easier.

Apply this diff:

     assignees:
       - egordidenko
       - nd0ut
+    labels:
+      - dependencies
+    commit-message:
+      prefix: "chore(deps)"
+      include: "scope"
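Review bot: prefix "chore(deps)" combined with include: "scope" double-scopes the commit message, because include: scope makes Dependabot append "(deps)" or "(deps-dev)" after the prefix, producing "chore(deps)(deps): bump ...". Use `prefix: "chore"` together with `include: "scope"`, or keep `prefix: "chore(deps)"` and drop the include line.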

Optionally add reviewers alongside assignees:

    reviewers:
      - egordidenko
      - nd0ut

1-12: Consider adding GitHub Actions updates.

Most repos also enable updates for actions. Add a second entry:

 version: 2
 updates:
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
     allow:
       - dependency-name: "@uploadcare/file-uploader"
     versioning-strategy: increase
     assignees:
       - egordidenko
       - nd0ut
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      time: "04:00"
+      timezone: "UTC"
+    labels:
+      - dependencies
+      - github-actions
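Review bot: the new github-actions block carries no assignees, so its PRs will arrive unowned while the npm block above assigns egordidenko and nd0ut; add the same assignees list (and, if the labels suggestion is taken, the same labels) so ownership is consistent across both entries. For a repo that pins actions by commit SHA, Dependabot updates SHA pins too, so enabling this entry does not require moving to floating tags.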
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fd07f59 and f699211.

📒 Files selected for processing (1)
  • .github/dependabot.yml (1 hunks)
🔇 Additional comments (1)
.github/dependabot.yml (1)

1-12: LGTM: Valid Dependabot v2 config for npm at repo root.

The YAML is well-formed. Scoped package is correctly quoted, daily cadence is valid, and the versioning strategy "increase" is supported.

Comment on lines +3 to +4
  - package-ecosystem: "npm"
    directory: "/"

💡 Verification agent

🧩 Analysis chain

Confirm monorepo coverage: Dependabot scans only the root directory.

If this repo contains multiple example apps with their own package.json files in subdirectories, this config will miss them. Dependabot requires one updates entry per directory.

Run to discover package.json locations and lockfiles:

If multiple package.json files are found outside the root, add an updates entry per directory, for example:

- package-ecosystem: npm
  directory: "/path/to/example-1"
  schedule:
    interval: daily

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "All package.json files:"
fd -t f -g "package.json"

echo
echo "Non-root package.json files (likely need their own dependabot entry):"
fd -t f -g "package.json" | sed -n '/^[^/]*$/!p'

echo
echo "Detected lockfiles (to infer package manager usage):"
fd -t f -g "package-lock.json" -g "npm-shrinkwrap.json" -g "yarn.lock" -g "pnpm-lock.yaml" -g "bun.lockb"

Length of output: 1510


Add Dependabot entries for each example app subdirectory

Dependabot is currently configured to scan only the repo root, but this project contains multiple package.json files under examples/. You need one updates entry per directory to cover all sub-projects.

Affected file: .github/dependabot.yml (around lines 3–4)

Subdirectories requiring their own entries:

  • /examples/angular-uploader
  • /examples/js-custom-tab
  • /examples/js-uploader
  • /examples/next-uploader
  • /examples/next-uploader-adapter
  • /examples/react-uploader
  • /examples/react-uploader-adapter
  • /examples/svelte-uploader
  • /examples/vue-uploader

Suggested diff:

   updates:
-  - package-ecosystem: "npm"
-    directory: "/"
+  - package-ecosystem: "npm"
+    directory: "/"
     schedule:
       interval: "daily"
+
+  # Add one entry per example app
+  - package-ecosystem: "npm"
+    directory: "/examples/angular-uploader"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/js-custom-tab"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/js-uploader"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/next-uploader"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/next-uploader-adapter"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/react-uploader"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/react-uploader-adapter"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/svelte-uploader"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/examples/vue-uploader"
+    schedule:
+      interval: "daily"
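Review bot: the first four changed lines delete and re-add an identical package-ecosystem/directory pair, which is pure diff noise, and the nine example entries are copies that differ only in the path; Dependabot v2 accepts a directories: list on a single updates entry, so one entry listing the nine paths keeps the file readable. Separately, the example entries carry no allow, versioning-strategy or assignees, so the examples would get a different update policy from the root entry; decide whether that divergence is intended before merging.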
🤖 Prompt for AI Agents
.github/dependabot.yml around lines 3-4: Dependabot is only configured to scan
the repo root; add one updates entry per example subdirectory listed
(examples/angular-uploader, examples/js-custom-tab, examples/js-uploader,
examples/next-uploader, examples/next-uploader-adapter, examples/react-uploader,
examples/react-uploader-adapter, examples/svelte-uploader,
examples/vue-uploader) using package-ecosystem: "npm" and directory set to the
subpath (e.g. "/examples/angular-uploader"), and include the desired schedule
(e.g. weekly) and any other shared options so Dependabot will scan each
example's package.json.
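A coverage check in the spirit of the verification script above, added here as an example and not part of the PR or of CodeRabbit's output: it builds a constructed sample tree (root plus two example apps, one of them missing from dependabot.yml) and reports every package.json directory that has no matching directory: entry. Point REPO at a real checkout to run it against a repository.

```shell
#!/usr/bin/env bash
# Added example, not from the PR or CodeRabbit: report directories holding a
# package.json that have no matching "directory:" entry in .github/dependabot.yml.
# Limitation: reads directory: keys only, not a directories: list.
set -eu

# Constructed sample tree: root, two example apps (one uncovered), node_modules noise.
make_sample_repo() {
  local repo="$1"
  mkdir -p "$repo/.github" "$repo/examples/js-uploader" "$repo/examples/vue-uploader" \
           "$repo/node_modules/some-dep"
  for d in "" examples/js-uploader examples/vue-uploader node_modules/some-dep; do
    echo '{}' > "$repo/$d/package.json"
  done
  cat > "$repo/.github/dependabot.yml" <<'EOF'
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "npm"
    directory: "/examples/js-uploader"
    schedule:
      interval: "daily"
EOF
}

# Directories with a package.json, in Dependabot's "/" form, node_modules pruned; sorted.
package_dirs() {
  ( cd "$1" && find . -name node_modules -prune -o -name package.json -type f -print ) |
    sed -e 's#^\.##' -e 's#/package\.json$##' -e 's#^$#/#' | sort
}

# Every directory: value in dependabot.yml, quotes and trailing slash removed; sorted, unique.
configured_dirs() {
  sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*directory:[[:space:]]*//p' "$1/.github/dependabot.yml" |
    tr -d '"' | sed 's#\(.\)/$#\1#' | sort -u
}

# Package directories that Dependabot will never scan with the current config.
uncovered_dirs() {
  local tmp
  tmp=$(mktemp)
  configured_dirs "$1" > "$tmp"
  package_dirs "$1" | grep -Fxv -f "$tmp" || true
  rm -f "$tmp"
}

# Stand-alone run: set REPO=/path/to/checkout to check a real repository.
REPO="${REPO:-$(mktemp -d)}"
[ -f "$REPO/.github/dependabot.yml" ] || make_sample_repo "$REPO"
uncovered_dirs "$REPO"
```

A non-empty result is a gap in automated dependency coverage for that directory; an empty result means every package.json found has an entry.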
