From d6d40ed431f2a9db087725f58ae4ae699ab2dc85 Mon Sep 17 00:00:00 2001
From: Kevin Turcios <106575910+KRRT7@users.noreply.github.com>
Date: Thu, 23 Apr 2026 04:13:23 -0500
Subject: [PATCH] Gitignore code_to_optimize lockfiles, re-enable Dependabot
 updates

- Add code_to_optimize/**/package-lock.json to .gitignore
- Re-enable Dependabot version updates with limit of 5 PRs per ecosystem
- Keep code_to_optimize/ ignore comment in dependabot.yml
---
 .github/dependabot.yml | 9 ++++-----
 .gitignore             | 3 +++
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cf9d36fc5..eb17e0b1d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,4 +1,3 @@
-# TEMPORARILY DISABLED — re-enable by removing open-pull-requests-limit: 0
 version: 2
 updates:
   # Python (root pyproject.toml)
@@ -6,21 +5,21 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5
 
   # JavaScript (codeflash npm package)
   - package-ecosystem: "npm"
     directory: "/packages/codeflash"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5
 
   # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5
 
   # code_to_optimize/ directories are test fixtures — do NOT update them.
-  # Dependabot PRs for these always fail (missing secrets) and waste CI.
+  # Their package-lock.json files are gitignored to prevent Dependabot alerts.
diff --git a/.gitignore b/.gitignore
index 8f9f05ab6..1a4e87d22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -275,6 +275,9 @@ tessl.json
 **/dist-nuitka/**
 **/.npmrc
 
+# Test fixture lockfiles — prevents Dependabot from scanning them
+code_to_optimize/**/package-lock.json
+
 # Tessl auto-generates AGENTS.md on install; ignore to avoid cluttering git status
 AGENTS.md
 .serena/