Yicong-Huang opened a new issue, #6164:
URL: https://github.com/apache/texera/issues/6164

   ### Task Summary
   
   With the sbt dependency graph feeding Dependabot alerts (#6162), the 
complementary half is keeping dependencies current so alerts rarely fire: 
enable Dependabot **version updates** by adding `.github/dependabot.yml`.
   
   Weekly schedule, covering: `sbt` (root build — ecosystem support is new as 
of 2026-05, beta), `npm` (`frontend/`, `pyright-language-service/`), `pip` 
(`amber/`), and `github-actions`. Minor/patch bumps grouped into one PR per 
ecosystem to limit CI/review load; commit prefixes follow the repo's 
Conventional Commits style (`chore(deps)` / `ci`). 267 ASF repos already use 
`dependabot.yml`.
   
   Out of scope: `dependabot_updates` in `.asf.yaml` (automatic security-fix 
PRs) stays off for now to avoid a PR burst while #6152/#6155 are in flight.
   
   ### Task Type
   
   - [ ] Refactor / Cleanup
   - [x] DevOps / Deployment / CI
   - [ ] Testing / QA
   - [ ] Documentation
   - [ ] Performance
   - [ ] Other


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to