Skip to content

feat: add Dependabot configuration for pip and GitHub Actions#1622

Merged
mnriem merged 1 commit intogithub:mainfrom
mnriem:feature/dependabot
Feb 18, 2026
Merged

feat: add Dependabot configuration for pip and GitHub Actions#1622
mnriem merged 1 commit intogithub:mainfrom
mnriem:feature/dependabot

Conversation

@mnriem
Copy link
Collaborator

@mnriem mnriem commented Feb 18, 2026

Summary

Adds .github/dependabot.yml to enable automated dependency update monitoring.

Changes

  • Weekly update checks for pip ecosystem (typer, rich, httpx, platformdirs, readchar, truststore, pyyaml, packaging)
  • Weekly update checks for github-actions ecosystem (workflow action versions)

Motivation

Eight runtime dependencies plus GitHub Actions versions had no automated security or compatibility monitoring. Dependabot will now open PRs for version updates and security patches automatically.

Copilot AI review requested due to automatic review settings February 18, 2026 22:26
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Dependabot configuration to enable automated dependency update PRs for the repository’s Python dependencies and GitHub Actions workflows.

Changes:

  • Added .github/dependabot.yml with weekly checks for the pip ecosystem at /
  • Added .github/dependabot.yml with weekly checks for the github-actions ecosystem at /

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mnriem mnriem merged commit 686c91f into github:main Feb 18, 2026
7 checks passed
@mnriem mnriem deleted the feature/dependabot branch February 18, 2026 23:42
mjunaidca pushed a commit to panaversity/spec-kit-plus that referenced this pull request Feb 19, 2026
….0.98)

Key upstream changes absorbed:
- Modular extension system (PR github#1551): plugin architecture with YAML
  manifests, extension catalog, hook system, CLI management commands
- Constitution preservation on reinit (PR github#1553): template moved to
  templates/constitution-template.md, user customizations preserved
- .specify.specify path bug fix (PR github#1588): double-nesting resolved
- Google Anti Gravity agent support (PR github#1220): new agy agent in release
- Stale workflow (PR github#1594): auto-close inactive issues after 180 days
- Dependabot config (PR github#1622): automated pip and Actions updates
- Markdownlint fixes (PR github#1571), plan template typo (PR github#1446)
- README maintainers section removed (PR github#1618)

Conflict resolutions:
- pyproject.toml: kept our version (0.0.20.post1) over upstream 0.1.0
- plan-template.md: kept /sp.plan prefix over upstream /speckit.plan
- create-release-packages.sh: merged agy agent + kept our
  generate_agent_rules; updated constitutionplus/command-rules paths
  from memory/ to templates/ to match upstream rename
- README.md: kept our SpecifyPlus content, dropped upstream maintainers
  section (already removed upstream), preserved contributing section
- templates/command-rules.md, templates/constitutionplus.md: accepted
  memory/ → templates/ relocation matching upstream convention

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nsalvacao pushed a commit to nsalvacao/spec-kit that referenced this pull request Feb 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants