Skip to content

Freeze routine Dependabot version bumps#7

Merged
RafineriaAI merged 1 commit into
mainfrom
freeze-dependabot-version-updates
Jul 4, 2026
Merged

Freeze routine Dependabot version bumps#7
RafineriaAI merged 1 commit into
mainfrom
freeze-dependabot-version-updates

Conversation

@RafineriaAI

Copy link
Copy Markdown
Owner

Scope-locked maintenance hygiene for the frozen public kernel.

  • Disable routine Dependabot version-update PRs (open-pull-requests-limit: 0) for both github-actions and pip ecosystems, so the demonstrator stops emitting weekly dependency-bump noise.
  • Repository-level Dependabot alerts and security updates are enabled, so security patches still open PRs. This is a security-only posture, not a security-off one.
  • Regenerate the integrity manifest and Trusted Output v0 fixture to match the edited dependabot.yml.

Consistent with docs/MAINTENANCE_POLICY.md. Standard validation gate passes locally.

Scope-locked maintenance: disable routine Dependabot version-update pull
requests (open-pull-requests-limit: 0) for both ecosystems so the frozen
public kernel stays quiet. Repository-level Dependabot security updates and
alerts remain enabled, so security patches still open pull requests.

Regenerate the integrity manifest and Trusted Output v0 fixture to match.
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@RafineriaAI RafineriaAI merged commit d60e679 into main Jul 4, 2026
11 checks passed
@RafineriaAI RafineriaAI deleted the freeze-dependabot-version-updates branch July 4, 2026 18:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant