chore: enable Dependabot version updates#94
Conversation
AI Quality Gate ReportMode:
Duplication
Security
Logic
Advisory mode does not block merge. Review findings before strict mode is enabled. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2975595b0d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| - package-ecosystem: "docker" | ||
| directories: | ||
| - "/" |
There was a problem hiding this comment.
Use docker-compose for compose image updates
This repo has no Dockerfile (checked with find), but it does have deploy/compose.yaml with image tags such as redis:7-alpine; GitHub’s Dependabot docs list Dockerfiles under the docker ecosystem and Docker Compose files under the separate docker-compose ecosystem. With this entry set to docker and rooted at /, Dependabot will not maintain the compose image versions this rollout is meant to cover, so the container dependencies in deploy/compose.yaml remain stale.
Useful? React with 👍 / 👎.
| groups: | ||
| github-actions-deps: | ||
| patterns: ["*"] | ||
| - package-ecosystem: "docker" |
There was a problem hiding this comment.
The repo also contains a Helm chart at deploy/helm/titan/Chart.yaml with chart dependencies (redis, chromadb, and postgresql), but this configuration only schedules pip, GitHub Actions, and Docker updates. GitHub’s Dependabot ecosystem list includes Helm Charts as the separate helm ecosystem, so without a helm entry for /deploy/helm/titan, those chart dependency constraints will never get the weekly version-update PRs this rollout is intended to enable.
Useful? React with 👍 / 👎.
Fleet-wide freshness rollout: weekly grouped version updates for all detected ecosystems (pip gha docker), capped at 3 open PRs per ecosystem. Vulnerability alerts and automated security fixes enabled alongside.
🤖 Generated with Claude Code