From 6f72184ccaaff8b0e83a01b3aa1deab0d3eefc6b Mon Sep 17 00:00:00 2001 From: sebi Date: Sun, 17 May 2026 13:56:02 -0500 Subject: [PATCH] =?UTF-8?q?chore:=20remove=20dependabot=20=E2=80=94=20manu?= =?UTF-8?q?al=20dep=20bumps=20only?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Founder direction: no automated dependency bumps. Major-version bumps churn faster than the project absorbs them (proven on the first batch: biome 2.x rejected our 1.9.4 config, typescript 6.x broke bun lockfile, action major bumps had unverified breaking changes). Manual bump cadence will follow the four-stage pipeline: spec change → contract impact → impl (cargo upgrade / bun update) → tests. Closing all 5 open dependabot PRs (#2 #3 #4 #5 #6) alongside this commit. --- .github/dependabot.yml | 82 ------------------------------------------ 1 file changed, 82 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 7ff2664..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,82 +0,0 @@ -# SPDX-License-Identifier: MIT -# Copyright (c) 2026 Nexus Engine contributors -# -# Dependabot config — weekly dep update sweeps across Rust, scripts/, and -# GitHub Actions. Minor + patch bumps group into one PR per ecosystem; -# majors land as separate PRs for review. -# -# Spec refs: -# - docs/architecture/01-principles.md (Law 4: always compiles, Law 7: MIT-only) -# - deny.toml (license + ban gates run in ci.yml) - -version: 2 - -updates: - # ─── Rust workspace ─────────────────────────────────────────────────────── - - package-ecosystem: cargo - directory: "/" - schedule: - interval: weekly - day: monday - time: "06:00" - timezone: Etc/UTC - open-pull-requests-limit: 5 - commit-message: - prefix: "deps" - include: scope - labels: - - dependencies - - automated - - area/ci - groups: - cargo-minor-and-patch: - applies-to: version-updates - update-types: - - minor - - patch - - # ─── scripts/ (Bun + npm registry) ──────────────────────────────────────── - - package-ecosystem: npm - directory: "/scripts" - schedule: - interval: weekly - day: monday - time: "06:00" - timezone: Etc/UTC - open-pull-requests-limit: 5 - commit-message: - prefix: "deps" - include: scope - labels: - - dependencies - - automated - - area/scripts - groups: - npm-minor-and-patch: - applies-to: version-updates - update-types: - - minor - - patch - - # ─── GitHub Actions ─────────────────────────────────────────────────────── - - package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly - day: monday - time: "06:00" - timezone: Etc/UTC - open-pull-requests-limit: 5 - commit-message: - prefix: "deps" - include: scope - labels: - - dependencies - - automated - - area/ci - groups: - actions-all: - applies-to: version-updates - update-types: - - minor - - patch