Skip to content

ci(deps): automate dependency updates#2

Merged
alexb-splunk merged 2 commits into
mainfrom
codex/dependabot-ci-refresh
Jul 1, 2026
Merged

ci(deps): automate dependency updates#2
alexb-splunk merged 2 commits into
mainfrom
codex/dependabot-ci-refresh

Conversation

@alexb-splunk

@alexb-splunk alexb-splunk commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • configure weekly Dependabot updates for uv and GitHub Actions
  • keep uv updates lockfile-only, group minor/patch updates, and leave majors as separate PRs
  • use a seven-day cooldown for routine version updates; security updates are unaffected
  • apply Conventional Commit prefixes so dependency automation does not trigger semantic releases
  • update actions/checkout from v5 to v7 and astral-sh/setup-uv from v6 to v8.2.0
  • test the supported floor on Python 3.9 and the current release on Python 3.14
  • synchronize and validate the committed lockfile before lint, tests, and release checks

Validation

  • Dependabot configuration validated against the current Dependabot schema
  • GitHub Actions workflows validated against the current workflow schema
  • lint workflow commands on Python 3.13
  • 12 tests on Python 3.9
  • 12 tests on Python 3.14
  • wheel and source distribution build

Release impact

This changes repository automation only. The ci(deps) commit is non-releasing under the current semantic-release configuration.

The branches are independent, but merge #1 first so these workflows immediately exercise the refreshed dependency lockfile.

@alexb-splunk alexb-splunk merged commit 9edbe14 into main Jul 1, 2026
3 checks passed
@alexb-splunk alexb-splunk deleted the codex/dependabot-ci-refresh branch July 1, 2026 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants