chore(dependabot): weekly schedule + raise PR limit to 20 (Phase 5) #10146

Draft
santicomp2014 wants to merge 1 commit into main from vuln-remediation/dependabot-config

Conversation

@santicomp2014

Contributor

What

Dependabot config tuning for vuln-remediation Phase 5 (recurrence prevention):

  • schedule: weekly (was monthly) — surface dependency updates faster.
  • open-pull-requests-limit: 20 on every ecosystem — the default 5 caps version-update PRs and queues direct-dep bumps.

Why

Most overdue Vanta findings are slow-surfacing or capped direct-dep updates. This reduces SLA drift. (Pure-transitive CVEs still need the manual resolutions/pip-compile sweep — Dependabot can't auto-fix those.)

Opened as draft: review + merge when ready.

🤖 Generated with Claude Code

Vuln-remediation Phase 5 recurrence-prevention: surface dependency
updates faster and stop the default 5-PR cap from queuing security bumps.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
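The `.github/dependabot.yml` shape that the settings described above correspond to, as an added illustration rather than the diff from this PR. It assumes two ecosystems at the repository root (`pip`, matching the pip-compile sweep mentioned, and `npm`, matching the `resolutions` mention); the key names (`schedule.interval`, `open-pull-requests-limit`) are Dependabot's documented configuration keys, and the "before" values in the comments are the ones the PR description names (monthly interval, default limit of 5).

```yaml
# .github/dependabot.yml (added example; ecosystems and directories are assumptions)
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      # was "monthly": findings surfaced up to a month after the fix shipped
      interval: "weekly"
    # was unset, so the default of 5 applied and further direct-dep bumps queued
    open-pull-requests-limit: 20

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 20
```

Two points worth checking when applying this to a real repository: the limit is set per `updates` entry, so every ecosystem and directory entry needs its own `open-pull-requests-limit` line (there is no top-level default to raise once), and a monorepo with several manifests needs one entry per `directory`. Dependabot documents `open-pull-requests-limit` as governing version-update pull requests, with security updates subject to a separate internal limit, which is consistent with the PR's own note that purely transitive CVEs still need the manual resolutions/pip-compile sweep.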