ci: add Dependabot version-update config across SDKs #27
Draft
PederHP wants to merge 1 commit into
Enables scheduled version updates for the C#, Go, and TypeScript SDKs plus the CI GitHub Actions. Previously the repo had no dependabot.yml, so only repository-level security updates were running — meaning the C# SDK (and the others) received CVE-driven PRs but no routine dependency freshening.

Weekly cadence; npm and nuget updates are grouped to keep PR noise down. Python (python/sdk) is omitted until a real Python SDK exists — it is currently alpha scaffolding; add a `pip` entry when that lands.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What

Adds `.github/dependabot.yml` enabling scheduled version updates for every active SDK — C# (nuget), Go (gomod), TypeScript (npm) — plus the CI GitHub Actions.

Why

The repo had no `dependabot.yml`, so only repository-level security updates were running (the CVE-driven PRs like #9 and #14). Those cover all ecosystems automatically, including C# — but there were no routine "keep dependencies current" PRs for any language. This closes that gap and brings the C# SDK in line with the others.

Notes for the working group

- `weekly` — `daily` gets noisy with this many ecosystems.
- `npm` and `nuget` updates are grouped into one PR per ecosystem per week to reduce noise. Happy to split majors out if preferred.
- `python/sdk/` is currently alpha scaffolding (no real SDK yet). Add a `pip` entry when a Python SDK actually lands.

Opening this as a concrete proposal to discuss at the interceptors WG sync re: unifying dependency management across SDKs.
🤖 Generated with Claude Code
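
A sketch of a `.github/dependabot.yml` with the shape the description above outlines (weekly schedule, grouped `nuget` and `npm` updates, ungrouped `gomod`, plus `github-actions`). It is an added illustration, not the file from this pull request; the `directory` values and group names are placeholder assumptions because the page does not show the SDK paths.

```yaml
# Illustrative sketch only; not the file from this pull request.
# Every PLACEHOLDER directory and every group name is an assumption.
version: 2
updates:
  # C# SDK: weekly, all updates collected into one grouped PR
  - package-ecosystem: "nuget"
    directory: "/PLACEHOLDER/csharp-sdk"
    schedule:
      interval: "weekly"
    groups:
      nuget-all:
        patterns: ["*"]

  # Go SDK: weekly, not grouped (one PR per module update)
  - package-ecosystem: "gomod"
    directory: "/PLACEHOLDER/go-sdk"
    schedule:
      interval: "weekly"

  # TypeScript SDK: weekly, all updates collected into one grouped PR
  - package-ecosystem: "npm"
    directory: "/PLACEHOLDER/typescript-sdk"
    schedule:
      interval: "weekly"
    groups:
      npm-all:
        patterns: ["*"]

  # Actions referenced by workflows under .github/workflows
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

  # No "pip" entry yet: the description defers it until a Python SDK lands.
```

Splitting major versions out of a group, as the notes offer, would be done with the `update-types` key inside the group definition.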