Update dependabot.yml file naming information to include the .yaml extension #43123

Open: DanGM96 wants to merge 1 commit into github:main from DanGM96:patch-1

DanGM96 commented Feb 24, 2026

Clarified that the dependabot configuration file can be named dependabot.yaml in addition to dependabot.yml.

References:

Why:

In practice this has been possible for many years and the documentation does not reflect it, resulting in AI chats such as Copilot denying the possibility of using the .yaml extension.

What's being changed:

Just a minor part of the documentation. Although it could be more explicit and added in other places, it should allow search engines and AI bots to reach the information.

Check off the following:

  • A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
  • The changes in this PR meet the docs fundamentals that are required for all content.
  • All CI checks are passing and the changes look good in the review environment.

Clarified that the dependabot configuration file can be named dependabot.yaml in addition to dependabot.yml.

References:
- dependabot/feedback#874
- https://github.com/yaml/go-yaml/blob/main/.github/dependabot.yaml
Copilot AI review requested due to automatic review settings February 24, 2026 17:33
github-actions bot added the triage label (Do not begin working on this issue until triaged by the team) Feb 24, 2026

github-actions (Contributor) commented:

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

The table shows the files in the content directory that were changed in this pull request. This helps you review your changes on a staging server. Changes to the data directory are not included in this table.

| Source | Review | Production | What Changed |
| --- | --- | --- | --- |
| code-security/concepts/supply-chain-security/about-the-dependabot-yml-file.md | fpt, ghec, ghes@ 3.19 3.18 3.17 3.16 3.15 3.14 | fpt, ghec, ghes@ 3.19 3.18 3.17 3.16 3.15 3.14 | |

Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server

🤖 This comment is automatically generated.

Copilot AI left a comment

Pull request overview

This PR updates the Dependabot configuration documentation to explicitly note that the config file may use the .yaml extension (in addition to .yml), aligning the docs with real-world behavior.

Changes:

  • Update the documented config file path to mention .github/dependabot.yaml as an accepted alternative to .github/dependabot.yml.

## Where to store the `dependabot.yml` file

You must store this file in the `.github` directory of your repository in the default branch (typically `main`). The path is: `.github/dependabot.yml`.
You must store this file in the `.github` directory of your repository in the default branch (typically `main`). The path is: `.github/dependabot.yml` (you can also use `.github/dependabot.yaml`).
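
Review bot: the parenthetical added to the "The path is:" sentence names `.github/dependabot.yaml` as a second accepted path but does not say what happens when both files are present in `.github`. Suggest adding a sentence that either tells readers to keep only one of the two files or states which one is used, and checking whether the heading "Where to store the `dependabot.yml` file" above it should mention the alternative extension as well.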

Copilot AI Feb 24, 2026

There are two spaces after the colon in "The path is: .github/dependabot.yml", which looks like an editing artifact and can trip content linting/formatting. Consider tightening the sentence (for example, avoid the colon/parenthetical) and use a single space.

Suggested change
You must store this file in the `.github` directory of your repository in the default branch (typically `main`). The path is: `.github/dependabot.yml` (you can also use `.github/dependabot.yaml`).
You must store this file in the `.github` directory of your repository in the default branch (typically `main`), at `.github/dependabot.yml` or `.github/dependabot.yaml`.

Author

I have no strong feelings about this change and the double spaces were already there. A maintainer can commit the suggestion if they agree with the bot.
