Skip to content

chore: add npm dependabot coverage#127

Merged
gorzell merged 2 commits into
mainfrom
gorzell/adjust-dependabot-coverage
Jun 16, 2026
Merged

chore: add npm dependabot coverage#127
gorzell merged 2 commits into
mainfrom
gorzell/adjust-dependabot-coverage

Conversation

@gorzell

@gorzell gorzell commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Adds Dependabot npm coverage for crates/string-offsets/js
  • Uses the same monthly schedule as the existing Cargo and GitHub Actions updates
  • Adds a 14-day cooldown to all Dependabot update configurations

Security alerts covered

Generated with the update-deps skill.

@gorzell
chore: add npm dependabot coverage
20b1733 
Cover the string-offsets JavaScript package so Dependabot can open security update PRs for npm alerts in crates/string-offsets/js/package-lock.json.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 16, 2026 06:39
@gorzell gorzell requested a review from a team as a code owner June 16, 2026 06:39
GitHub Advanced Security started work on behalf of gorzell June 16, 2026 06:39 View session
GitHub Advanced Security finished work on behalf of gorzell June 16, 2026 06:40
Copilot AI reviewed Jun 16, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds Dependabot version-update coverage for the JavaScript/NPM dependencies under crates/string-offsets/js, aligning its update cadence with the repository’s existing automated dependency maintenance.

Changes:

  • Add a new Dependabot npm update entry targeting /crates/string-offsets/js.
  • Configure the new entry to run on the same monthly schedule pattern as existing Cargo and GitHub Actions updates.
Show a summary per file
File Description
.github/dependabot.yaml Adds an npm ecosystem entry so Dependabot can update JS dependencies in crates/string-offsets/js on the repo’s standard schedule.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 1

Comment thread .github/dependabot.yaml
@gorzell
chore: add dependabot cooldown
2d73f74 
Apply a 14-day cooldown to each Dependabot update configuration to reduce version update churn.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GitHub Advanced Security started work on behalf of gorzell June 16, 2026 06:42 View session
GitHub Advanced Security finished work on behalf of gorzell June 16, 2026 06:43
@gorzell gorzell enabled auto-merge June 16, 2026 06:45
@gorzell gorzell merged commit 2251cbb into main Jun 16, 2026
9 checks passed
@gorzell gorzell deleted the gorzell/adjust-dependabot-coverage branch June 16, 2026 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bb8gh bb8gh bb8gh approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gorzell @bb8gh