Skip to content

[Repo Assist] chore: add Dependabot configuration for npm dependency updates #101

New issue
New issue
Open
Open
[Repo Assist] chore: add Dependabot configuration for npm dependency updates#101
Labels
agentic-workflowsautomationrepo-assist
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 20, 2026

🤖 This PR was created by Repo Assist, an automated AI assistant.

Summary

Adds .github/dependabot.yml to enable automated weekly dependency update PRs for npm packages.

Motivation

The repository's devDependencies are quite dated:

Package Current pinned Latest
typescript ^2.6.1 5.x
vscode ^1.1.6 deprecated
eslint ^4.6.1 9.x
@types/node ^7.0.43 22.x
@types/mocha ^2.2.42 10.x

Without automated updates these fall further and further behind. Dependabot will open individual PRs each Monday so updates can be reviewed and merged incrementally, rather than requiring a large one-off upgrade.

What Changed

  • Added .github/dependabot.yml:
    • Monitors the npm ecosystem at the repo root
    • Runs weekly on Mondays
    • Capped at 5 open PRs at a time to avoid flooding the queue
    • Labels PRs with dependencies for easy filtering
    • Uses conventional-commit prefix chore(deps):

Notes

  • The dependencies label will need to be created in the repo if it doesn't exist yet (or you can change the label in the config).
  • This does not include GitHub Actions monitoring since the only workflow present is the Repo Assist lock file which shouldn't be auto-updated.

Test Status

Documentation/configuration-only change — no code changed, unit tests unaffected.

npm run test:unit: 7/7 pass (unchanged).

Generated by Repo Assist ·

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/repo-assist.md@346204513ecfa08b81566450d7d599556807389f

Generated by Repo Assist ·

To install this agentic workflow, run

gh aw add githubnext/agentics/workflows/repo-assist.md@346204513ecfa08b81566450d7d599556807389f

Warning

🛡️ Protected Files

This was originally intended as a pull request, but the patch modifies protected files: .github/dependabot.yml.

These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.

Click here to create the pull request once you have reviewed the changes

To route changes like this to a review issue instead of blocking, configure protected-files: fallback-to-issue in your workflow configuration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    agentic-workflowsautomationrepo-assist

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions