Fix dependabot config: add missing ecosystems, weekly schedule, cooldown

dguido · claude · dguido · commit d6720fc4d9ef · 2026-02-12T23:48:38.000-05:00
- Change schedule from daily to weekly for all ecosystems
- Add cooldown with default-days: 7 for supply chain safety
- Add grouped updates with patterns: ["*"] for all ecosystems
- Consolidate cargo entries: root workspace (/) covers ruby/rust/shared
- Add missing ecosystems: npm (javascript/extractor), pip (python/extractor,
  misc/codegen), nuget (csharp/extractor)
- Remove redundant gomod test entry (was ignoring all deps)

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,27 +1,44 @@
 version: 2
 updates:
   - package-ecosystem: "cargo"
-    directory: "ruby"
+    directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-cargo-root:
+        patterns:
+          - "*"
 
   - package-ecosystem: "cargo"
     directory: "ql"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-cargo-ql:
+        patterns:
+          - "*"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
-    ignore:
-      - dependency-name: '*'
-        update-types: ['version-update:semver-patch', 'version-update:semver-minor']
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-actions:
+        patterns:
+          - "*"
 
   - package-ecosystem: "gomod"
     directory: "go/extractor"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
     allow:
       - dependency-name: "golang.org/x/mod"
       - dependency-name: "golang.org/x/tools"
@@ -32,11 +49,46 @@ updates:
     reviewers:
       - "github/codeql-go"
 
-  - package-ecosystem: "gomod"
-    directory: "go/ql/test"
+  - package-ecosystem: "npm"
+    directory: "javascript/extractor/lib/typescript"
     schedule:
-      interval: "monthly"
-    ignore:
-      - dependency-name: "*"
-    reviewers:
-      - "github/codeql-go"
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-npm:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "pip"
+    directory: "python/extractor"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-pip-extractor:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "pip"
+    directory: "misc/codegen"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-pip-codegen:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "nuget"
+    directory: "csharp/extractor"
+    schedule:
+      interval: "weekly"
+    cooldown:
+      default-days: 7
+    groups:
+      all-nuget:
+        patterns:
+          - "*"
