Add Dependabot config for weekly Gradle updates#356
Open
jonbartels wants to merge 4 commits into
Open
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jon Bartels <jonathan.bartels@gmail.com>
jonbartels
requested review from
a team,
NicoPiel,
gibson9583,
kayyagari,
kpalang,
mgaffigan,
pacmano1 and
ssrowe
July 17, 2026 14:45
mgaffigan
requested changes
Jul 17, 2026
mgaffigan
left a comment
Contributor
There was a problem hiding this comment.
Can we get the dockerfile included, too?
Also: add minimum package age to limit supplychain attacks. 2d would be my suggested minimum age.
There was a problem hiding this comment.
Pull request overview
Adds a Dependabot configuration to enable automated dependency update PRs for this repository’s Gradle multi-module build on a weekly cadence.
Changes:
- Introduces
.github/dependabot.ymlusing Dependabot config schemaversion: 2. - Configures weekly checks for the
gradleecosystem at the repository root (/).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jon Bartels <jonathan.bartels@gmail.com>
Scan Dockerfile in addition to Gradle, require a 2-day minimum age (cooldown) before opening PRs, and group updates by coherent project family to reduce PR noise. Groups are keyed deep enough to keep unrelated org.apache.* projects (commons, log4j, ...) separate. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: Jon Bartels <jonathan.bartels@gmail.com>
|
If I understand the github changelog entry correctly 3 days is already the default: https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce-default-package-cooldown/ |
Signed-off-by: Jon Bartels <jonathan.bartels@gmail.com>
jonbartels
force-pushed
the
add-dependabot-gradle
branch
from
July 17, 2026 16:03
cf9bc66 to
116e5d5
Compare
mgaffigan
approved these changes
Jul 17, 2026
gibson9583
approved these changes
Jul 17, 2026
kryskool
approved these changes
Jul 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/dependabot.ymlto enable Dependabot dependency updates for this Gradle project.version: 2(current).gradleecosystem at the repo root (/), which covers the multi-module build (build.gradle+settings.gradleand sub-modulebuild.gradlefiles).weeklyschedule.🤖 Generated with Claude Code