🤖 This is an automated PR from Repo Assist, an AI assistant for this repository.
Summary
The existing Dependabot configuration only tracked GitHub Actions version updates. This PR adds Python package (pip/Poetry) dependency tracking so that pyproject.toml dependencies are also monitored weekly for updates and security patches.
Changes
Add pip ecosystem to .github/dependabot.yml — Dependabot supports Poetry's pyproject.toml via the pip ecosystem
Weekly schedule matching the existing GitHub Actions schedule
open-pull-requests-limit: 5 to avoid flooding maintainers with PRs
Grouped updates: all Python dependency bumps are batched into a single PR using Dependabot's groups feature, reducing noise significantly
Rationale
Currently, Python dependency versions in pyproject.toml are only updated manually. This means:
Security patches (e.g. the manually pinned nbconvert CVE fix) can slip through unnoticed
Maintainers have to remember to audit dependencies periodically
Automating this via Dependabot ensures timely awareness of updates, especially security-relevant ones.
Trade-offs
Dependabot will create up to one grouped PR per week if any Python packages have updates available. The open-pull-requests-limit: 5 cap prevents runaway PR creation.
Some Poetry-specific constraints (e.g. version ranges, markers) may require manual adjustment when Dependabot proposes bumps — this is expected and each proposed PR is a suggestion, not an automatic merge.
Test Status
This change is a CI configuration file only — no code changes, no build or test steps to run. The dependabot.yml format is standard YAML validated by GitHub at submission.
Warning
🛡️ Protected Files
This was originally intended as a pull request, but the patch modifies protected files: .github/dependabot.yml.
These files may affect project dependencies, CI/CD pipelines, or agent behaviour. Please review the changes carefully before creating the pull request.
To route changes like this to a review issue instead of blocking, configure protected-files: fallback-to-issue in your workflow configuration.
Note
🔒 Integrity filtering filtered 40 items
Integrity filtering activated and filtered the following items during workflow execution.
This happens when a tool call accesses a resource that does not meet the required integrity or secrecy level of the workflow.
issue:Mediation Analysis key error #214 (list_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".)
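A `.github/dependabot.yml` matching the changes listed above, as an added example (not the patch from this PR, which is not shown on the page). The `directory` values and the group names are assumptions, and the `python-security` group goes beyond what the PR describes.

```yaml
# Added example, not the repository's actual file.
version: 2
updates:
  # Existing entry described in the Summary: GitHub Actions, weekly.
  - package-ecosystem: "github-actions"
    directory: "/"              # assumption: workflows live at the repo root
    schedule:
      interval: "weekly"

  # New entry: Poetry's pyproject.toml is handled by the "pip" ecosystem.
  - package-ecosystem: "pip"
    directory: "/"              # assumption: pyproject.toml is at the repo root
    schedule:
      interval: "weekly"
    # Caps open *version-update* PRs only. Security-update PRs are enabled in
    # the repository settings and are counted against a separate fixed limit.
    open-pull-requests-limit: 5
    groups:
      # Group name is hypothetical. With no "applies-to" key a group covers
      # version updates only, so this batches routine bumps into one PR.
      python-dependencies:
        patterns:
          - "*"
      # Beyond the PR as described: a second group that also batches
      # security updates, so CVE fixes are not mixed in with routine bumps.
      python-security:
        applies-to: security-updates
        patterns:
          - "*"
```

Keeping security updates in their own group lets a reviewer merge a CVE fix without also accepting every pending version bump in the same PR.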