fix: set npm open-pull-requests-limit to 0 for security-only policy#196
fix: set npm open-pull-requests-limit to 0 for security-only policy#196don-petry wants to merge 3 commits into
Conversation
Per dependabot policy, application ecosystems (npm) should suppress routine version-update PRs by setting open-pull-requests-limit to 0. Dependabot security updates bypass this limit, so security PRs still get created. The github-actions ecosystem correctly retains limit 10. Closes #173 Co-authored-by: don-petry <don-petry@users.noreply.github.com>
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 56 minutes and 1 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@don-petry This PR is ready for review and merge. It fixes the compliance finding by setting the npm ecosystem |
|
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Updates Dependabot configuration to suppress routine npm version-update PRs while still allowing security update PRs per the linked policy.
Changes:
- Set
open-pull-requests-limit: 0for thenpmecosystem in.github/dependabot.yml.



Summary
open-pull-requests-limit: 0for thenpmecosystem in.github/dependabot.ymlgithub-actionsecosystem correctly retainsopen-pull-requests-limit: 10Change
.github/dependabot.yml— npm ecosystemopen-pull-requests-limitchanged from10→0Closes #173
Generated with Claude Code