[PR #6338] [MERGED] ci: make dependabot updates monthly and bump PR limit #5966

New issue

Closed

opened 2026-05-05 10:48:12 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:48:12 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6338
Author: @kmk3
Created: 5/13/2024
Status: ✅ Merged
Merged: 5/18/2024
Merged by: @kmk3

Base: master ← Head: ci-dependabot-monthly

📝 Commits (1)

8c671c2 ci: make dependabot updates monthly and bump PR limit

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 .github/dependabot.yml (+2 -2)

📄 Description

It is currently only used for GitHub Actions. The ones used in this
project rarely ever contain notable changes in their changelogs (in a
way that would cause a noticeable difference in our CI).

Also, there are weeks when most/all of the PR/commit activity is from
dependabot PRs being opened/merged. For example, see the output of the
following command:

git log --no-decorate --oneline 9a0db13e12..bef085035

So change the checks from weekly to monthly to reduce the noise.

Additionally, bump open-pull-requests-limit to 4, as it seems that we
only have 4 dependencies:

$ git grep 'uses:' -- .github/ | sed -E 's/.*(uses: .*)@.*/\1/' |
  LC_ALL=C sort -u
uses: actions/checkout
uses: github/codeql-action/analyze
uses: github/codeql-action/init
uses: step-security/harden-runner

This should ensure that PRs can be opened against all of them when the
dependabot check is run.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6338 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 5/13/2024 **Status:** ✅ Merged **Merged:** 5/18/2024 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `ci-dependabot-monthly` --- ### 📝 Commits (1) - [`8c671c2`](https://github.com/netblue30/firejail/commit/8c671c2c0036c2b8c7811ef78ce7dd209cd54ee8) ci: make dependabot updates monthly and bump PR limit ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `.github/dependabot.yml` (+2 -2) </details> ### 📄 Description It is currently only used for GitHub Actions. The ones used in this project rarely ever contain notable changes in their changelogs (in a way that would cause a noticeable difference in our CI). Also, there are weeks when most/all of the PR/commit activity is from dependabot PRs being opened/merged. For example, see the output of the following command: git log --no-decorate --oneline 9a0db13e12..bef085035 So change the checks from weekly to monthly to reduce the noise. Additionally, bump `open-pull-requests-limit` to 4, as it seems that we only have 4 dependencies: $ git grep 'uses:' -- .github/ | sed -E 's/.*(uses: .*)@.*/\1/' | LC_ALL=C sort -u uses: actions/checkout uses: github/codeql-action/analyze uses: github/codeql-action/init uses: step-security/harden-runner This should ensure that PRs can be opened against all of them when the dependabot check is run. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:48:12 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#5966

No description provided.

Rows
Columns