You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
🤖 This PR was created by Repo Assist, an automated AI assistant.
Summary
Adds .github/dependabot.yml to enable automated weekly dependency update PRs for npm packages.
Motivation
The repository's devDependencies are quite dated:
Package
Current pinned
Latest
typescript
^2.6.1
5.x
vscode
^1.1.6
deprecated
eslint
^4.6.1
9.x
@types/node
^7.0.43
22.x
@types/mocha
^2.2.42
10.x
Without automated updates these fall further and further behind. Dependabot will open individual PRs each Monday so updates can be reviewed and merged incrementally, rather than requiring a large one-off upgrade.
What Changed
Added .github/dependabot.yml:
Monitors the npm ecosystem at the repo root
Runs weekly on Mondays
Capped at 5 open PRs at a time to avoid flooding the queue
Labels PRs with dependencies for easy filtering
Uses conventional-commit prefix chore(deps):
Notes
The dependencies label will need to be created in the repo if it doesn't exist yet (or you can change the label in the config).
This does not include GitHub Actions monitoring since the only workflow present is the Repo Assist lock file which shouldn't be auto-updated.
Test Status
Documentation/configuration-only change — no code changed, unit tests unaffected.
gh aw add githubnext/agentics/workflows/repo-assist.md@346204513ecfa08b81566450d7d599556807389f
Warning
🛡️ Protected Files
This was originally intended as a pull request, but the patch modifies protected files: .github/dependabot.yml.
These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.
🤖 This PR was created by Repo Assist, an automated AI assistant.
Summary
Adds
.github/dependabot.ymlto enable automated weekly dependency update PRs for npm packages.Motivation
The repository's
devDependenciesare quite dated:typescript^2.6.1vscode^1.1.6eslint^4.6.1@types/node^7.0.43@types/mocha^2.2.42Without automated updates these fall further and further behind. Dependabot will open individual PRs each Monday so updates can be reviewed and merged incrementally, rather than requiring a large one-off upgrade.
What Changed
.github/dependabot.yml:npmecosystem at the repo rootdependenciesfor easy filteringchore(deps):Notes
dependencieslabel will need to be created in the repo if it doesn't exist yet (or you can change the label in the config).Test Status
Documentation/configuration-only change — no code changed, unit tests unaffected.
npm run test:unit: 7/7 pass (unchanged).Warning
🛡️ Protected Files
This was originally intended as a pull request, but the patch modifies protected files:
.github/dependabot.yml.These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.
Click here to create the pull request once you have reviewed the changes
To route changes like this to a review issue instead of blocking, configure
protected-files: fallback-to-issuein your workflow configuration.