Problem Statement. The config disables Dependabot entirely, including the security
update stream. Even before version PRs come back, security PRs would be valuable.
Technical Context.
.github/dependabot.yml.
Expected Outcome. A second config revision that enables security-updates
without enabling version-updates. Done via Repo Settings + a config fragment.
Acceptance Criteria.
- A security update lands within 24 h of a CVE being published.
Files or modules likely to be affected.
.github/dependabot.yml,
GH repo settings (documented in docs/security/dependabot.md).
Difficulty. Easy
Estimated effort. XS
Backlog item #96 from `docs/maintainer-issue-backlog.md.
Problem Statement. The config disables Dependabot entirely, including the security
update stream. Even before version PRs come back, security PRs would be valuable.
Technical Context.
.github/dependabot.yml.Expected Outcome. A second config revision that enables
security-updateswithout enabling
version-updates. Done via Repo Settings + a config fragment.Acceptance Criteria.
Files or modules likely to be affected.
.github/dependabot.yml,GH repo settings (documented in
docs/security/dependabot.md).Difficulty. Easy
Estimated effort. XS
Backlog item #96 from `docs/maintainer-issue-backlog.md.