chore(dependabot): weekly schedule + raise PR limit to 20 (Phase 5)#7558

Draft
santicomp2014 wants to merge 1 commit into main from vuln-remediation/dependabot-config

Conversation

@santicomp2014 (Contributor)

What

Dependabot config tuning for vuln-remediation Phase 5 (recurrence prevention):

  • schedule: weekly (was monthly) — surface dependency updates faster.
  • open-pull-requests-limit: 20 on every ecosystem — the default 5 caps version-update PRs and queues direct-dep bumps.
  • Adds the missing pip ecosystem — client has requirements/ but no pip version-updates were configured.

Why

Most overdue Vanta findings are slow-surfacing or capped direct-dep updates. This reduces SLA drift. (Pure-transitive CVEs still need the manual resolutions/pip-compile sweep — Dependabot can't auto-fix those.)

Opened as draft: review + merge when ready.

🤖 Generated with Claude Code

…pip ecosystem (Phase 5)

Vuln-remediation Phase 5 recurrence-prevention: surface dependency
updates faster and stop the default 5-PR cap from queuing security bumps.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
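The two settings this PR changes and the ecosystem it adds, written out in a `.github/dependabot.yml` as an added illustration rather than the PR's actual file; the `npm` entry and the `/client` directory are assumptions, since the description names neither the existing ecosystems nor the exact path under which `requirements/` lives.

```yaml
# .github/dependabot.yml (illustration added here, not the file from the PR)
version: 2
updates:
  # One of the pre-existing ecosystems. npm is an assumption: the PR says
  # the limit is raised on "every ecosystem" without listing them.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"            # before this PR: "monthly"
    # Default when omitted is 5, which is what queued direct-dep bumps.
    # Note: this limit governs version-update PRs only; Dependabot
    # security updates are capped separately (10 open PRs).
    open-pull-requests-limit: 20    # before this PR: omitted (default 5)

  # The ecosystem the PR adds. Point "directory" at the folder that holds
  # the requirements files; "/client" is an assumption based on
  # "client has requirements/".
  - package-ecosystem: "pip"
    directory: "/client"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 20
```

Transitive-only CVEs are unaffected by either setting, which is why the description still calls out the manual resolutions/pip-compile sweep.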
@codecov

codecov Bot commented Jun 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.62%. Comparing base (eba8f5a) to head (02efc3f).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7558   +/-   ##
=======================================
  Coverage   99.62%   99.62%           
=======================================
  Files         285      285           
  Lines       11971    11971           
  Branches     2920     2920           
=======================================
  Hits        11926    11926           
  Misses         45       45           
