Skip to content

Update dependabot.yml file naming information to include the .yaml extension#43123

Merged
Sharra-writes merged 3 commits intogithub:mainfrom
DanGM96:patch-1
Apr 2, 2026
Merged

Update dependabot.yml file naming information to include the .yaml extension#43123
Sharra-writes merged 3 commits intogithub:mainfrom
DanGM96:patch-1

Conversation

@DanGM96
Copy link
Copy Markdown
Contributor

@DanGM96 DanGM96 commented Feb 24, 2026

Clarified that the dependabot configuration file can be named dependabot.yaml in addition to dependabot.yml.

References:

Why:

In practice this has been possible for many years and the documentation does not reflect it.
Resulting in AI chats such as Copilot denying the possibility of using the .yaml extension.

What's being changed:

Just a minor part of the documentation, although it could be more explicit and added in other places, it should allow for Search Engines and AI Bots to reach the information.

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the review environment.

@DanGM96
Update dependabot.yml file naming information
d4228b4 
Clarified that the dependabot configuration file can be named dependabot.yaml in addition to dependabot.yml.

References:
- dependabot/feedback#874
- https://github.com/yaml/go-yaml/blob/main/.github/dependabot.yaml
Copilot AI review requested due to automatic review settings February 24, 2026 17:33
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Feb 24, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 24, 2026
edited
Loading

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

Source Review Production What Changed
code-security/concepts/supply-chain-security/about-the-dependabot-yml-file.md fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14
fpt
ghec
ghes@ 3.20 3.19 3.18 3.17 3.16 3.15 3.14

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Dependabot configuration documentation to explicitly note that the config file may use the .yaml extension (in addition to .yml), aligning the docs with real-world behavior.

Changes:

  • Update the documented config file path to mention .github/dependabot.yaml as an accepted alternative to .github/dependabot.yml.

@Sharra-writes
Copy link
Copy Markdown
Contributor

Sharra-writes commented Feb 25, 2026

@DanGM96 I'll check and make sure there's no reason we aren't documenting this.

@Sharra-writes Sharra-writes added content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot and removed triage Do not begin working on this issue until triaged by the team labels Apr 1, 2026
jeffwidman
jeffwidman previously approved these changes Apr 2, 2026
View reviewed changes
@Sharra-writes
Apply suggestion from @Copilot
928a559 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Sharra-writes
Copy link
Copy Markdown
Contributor

Sharra-writes commented Apr 2, 2026

@DanGM96 Got approval on this, so I will merge it once the checks are all passing. 🎉

@Sharra-writes Sharra-writes added this pull request to the merge queue Apr 2, 2026
Merged via the queue into github:main with commit d0e231d Apr 2, 2026
41 checks passed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 2, 2026

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

@glitchincorperated-netizen

This comment was marked as spam.

Sign in to view
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Sharra-writes Sharra-writes Sharra-writes approved these changes

+1 more reviewer

@jeffwidman jeffwidman jeffwidman left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@DanGM96 @Sharra-writes @glitchincorperated-netizen @jeffwidman