Gitignore code_to_optimize lockfiles, re-enable Dependabot updates

- Add code_to_optimize/**/package-lock.json to .gitignore - Re-enable Dependabot version updates with limit of 5 PRs per ecosystem - Keep code_to_optimize/ ignore comment in dependabot.yml
2026-04-23 04:13:23 -05:00 · 2026-04-23 04:13:23 -05:00 · d6d40ed431
commit d6d40ed431
parent e1a7569c94
2 changed files with 7 additions and 5 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,4 +1,3 @@
-# TEMPORARILY DISABLED — re-enable by removing open-pull-requests-limit: 0
 version: 2
 updates:
  # Python (root pyproject.toml)
@ -6,21 +5,21 @@ updates:
    directory: "/"
    schedule:
      interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5

  # JavaScript (codeflash npm package)
  - package-ecosystem: "npm"
    directory: "/packages/codeflash"
    schedule:
      interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5

  # GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
-    open-pull-requests-limit: 0
+    open-pull-requests-limit: 5

  # code_to_optimize/ directories are test fixtures — do NOT update them.
-  # Dependabot PRs for these always fail (missing secrets) and waste CI.
+  # Their package-lock.json files are gitignored to prevent Dependabot alerts.
--- a/.gitignore
+++ b/.gitignore
@ -275,6 +275,9 @@ tessl.json
 **/dist-nuitka/**
 **/.npmrc

+# Test fixture lockfiles — prevents Dependabot from scanning them
+code_to_optimize/**/package-lock.json
+
 # Tessl auto-generates AGENTS.md on install; ignore to avoid cluttering git status
 AGENTS.md
 .serena/