From eaa87cf10aa7c3eecc3d3fff6acbe63397a9e266 Mon Sep 17 00:00:00 2001 From: Dan Guido Date: Fri, 13 Feb 2026 18:03:43 -0500 Subject: [PATCH] chore: update dependabot config for full coverage, weekly schedule, 7-day cooldown, and grouped updates --- .github/dependabot.yml | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9ce291fa33c6..7bb4b26f594e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,25 +3,45 @@ updates: - package-ecosystem: "cargo" directory: "ruby" schedule: - interval: "daily" + interval: "weekly" + cooldown: + default-days: 7 + groups: + cargo-ruby-dependencies: + patterns: + - "*" - package-ecosystem: "cargo" directory: "ql" schedule: - interval: "daily" + interval: "weekly" + cooldown: + default-days: 7 + groups: + cargo-ql-dependencies: + patterns: + - "*" - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" + cooldown: + default-days: 7 ignore: - dependency-name: '*' update-types: ['version-update:semver-patch', 'version-update:semver-minor'] + groups: + github-actions-dependencies: + patterns: + - "*" - package-ecosystem: "gomod" directory: "go/extractor" schedule: - interval: "daily" + interval: "weekly" + cooldown: + default-days: 7 allow: - dependency-name: "golang.org/x/mod" - dependency-name: "golang.org/x/tools" @@ -35,8 +55,14 @@ updates: - package-ecosystem: "gomod" directory: "go/ql/test" schedule: - interval: "monthly" + interval: "weekly" + cooldown: + default-days: 7 ignore: - dependency-name: "*" reviewers: - "github/codeql-go" + groups: + gomod-test-dependencies: + patterns: + - "*"