Yicong-Huang opened a new issue, #6164: URL: https://github.com/apache/texera/issues/6164
### Task Summary With the sbt dependency graph feeding Dependabot alerts (#6162), the complementary half is keeping dependencies current so alerts rarely fire: enable Dependabot **version updates** by adding `.github/dependabot.yml`. Weekly schedule, covering: `sbt` (root build — ecosystem support is new as of 2026-05, beta), `npm` (`frontend/`, `pyright-language-service/`), `pip` (`amber/`), and `github-actions`. Minor/patch bumps grouped into one PR per ecosystem to limit CI/review load; commit prefixes follow the repo's Conventional Commits style (`chore(deps)` / `ci`). 267 ASF repos already use `dependabot.yml`. Out of scope: `dependabot_updates` in `.asf.yaml` (automatic security-fix PRs) stays off for now to avoid a PR burst while #6152/#6155 are in flight. ### Task Type - [ ] Refactor / Cleanup - [x] DevOps / Deployment / CI - [ ] Testing / QA - [ ] Documentation - [ ] Performance - [ ] Other -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
