Skip to content

chore: Dependabot auto-merge for patch-level bumps #16

Description

@adamdaw

Configure Dependabot to auto-merge patch-level dependency bumps after CI passes.

Context

Dependabot opens weekly PRs for all 4 ecosystems (npm, pip, GitHub Actions, Docker). Patch-level bumps (e.g., 0.48.0 → 0.48.1) are low-risk and could merge automatically.

Acceptance Criteria

  • .github/dependabot.yml updated with auto-merge config for patch updates
  • GitHub branch protection allows Dependabot auto-merge
  • Major/minor bumps still require manual review

Reference: docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions