Skip to content

feat: experimental AI-assisted Dependabot auto-merge agent#1229

Draft
hjgraca wants to merge 5 commits into
developfrom
feat/dependabot-automerge-agent
Draft

feat: experimental AI-assisted Dependabot auto-merge agent#1229
hjgraca wants to merge 5 commits into
developfrom
feat/dependabot-automerge-agent

docs: trim workflow comments, move prerequisites to #1228

89e6a61
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / SonarCloud succeeded Jun 26, 2026 in 4s

2 new alerts including 2 medium severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 2 medium

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 45 in .github/workflows/dependabot_automerge.yml

See this annotation in the file changed.

Code scanning / SonarCloud

JavaScript package manager scripts should not be executed during installation Medium

"npx" can install packages on-demand and run their lifecycle scripts. See more on SonarQube Cloud

Check warning on line 47 in .github/workflows/dependabot_automerge.yml

See this annotation in the file changed.

Code scanning / SonarCloud

JavaScript package manager scripts should not be executed during installation Medium

Omitting "--ignore-scripts" allows lifecycle scripts to run during package installation. See more on SonarQube Cloud