From 20b17334810c2249af26adce6274c8b562561860 Mon Sep 17 00:00:00 2001 From: Greg Orzell Date: Tue, 16 Jun 2026 08:39:03 +0200 Subject: [PATCH 1/2] chore: add npm dependabot coverage Cover the string-offsets JavaScript package so Dependabot can open security update PRs for npm alerts in crates/string-offsets/js/package-lock.json. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/dependabot.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 99ed29e7..8ddb0052 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -12,3 +12,9 @@ updates: schedule: interval: "cron" cronjob: "0 5 2 * *" # Second day of each month at 05:00 UTC + + - package-ecosystem: "npm" + directory: "/crates/string-offsets/js" + schedule: + interval: "cron" + cronjob: "0 5 2 * *" # Second day of each month at 05:00 UTC From 2d73f74a2c3a27cc702848968b59ec49af4707ed Mon Sep 17 00:00:00 2001 From: Greg Orzell Date: Tue, 16 Jun 2026 08:41:39 +0200 Subject: [PATCH 2/2] chore: add dependabot cooldown Apply a 14-day cooldown to each Dependabot update configuration to reduce version update churn. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/dependabot.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 8ddb0052..5df179b0 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -6,15 +6,21 @@ updates: schedule: interval: "cron" cronjob: "0 5 2 * *" # Second day of each month at 05:00 UTC + cooldown: + default-days: 14 - package-ecosystem: "github-actions" directory: "/" schedule: interval: "cron" cronjob: "0 5 2 * *" # Second day of each month at 05:00 UTC + cooldown: + default-days: 14 - package-ecosystem: "npm" directory: "/crates/string-offsets/js" schedule: interval: "cron" cronjob: "0 5 2 * *" # Second day of each month at 05:00 UTC + cooldown: + default-days: 14