From b371b3d939d61ffbd1ecf0dce4f2e0ffdb38b560 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 16:17:03 +0000 Subject: [PATCH 1/2] chore(deps): bump ollama/ollama Bumps the docker-compose group with 1 update in the / directory: ollama/ollama. Updates `ollama/ollama` from 0.21.0 to 0.21.2 --- updated-dependencies: - dependency-name: ollama/ollama dependency-version: 0.21.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker-compose ... Signed-off-by: dependabot[bot] --- docker-compose.qa.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.qa.yaml b/docker-compose.qa.yaml index 0a8c0de..794f8f0 100644 --- a/docker-compose.qa.yaml +++ b/docker-compose.qa.yaml @@ -74,7 +74,7 @@ services: start_period: 10s ollama-qa: - image: ollama/ollama:0.21.0 + image: ollama/ollama:0.21.2 container_name: awareness-ollama-qa restart: unless-stopped ports: From de08566374db6a56dc33af1fbdec0bb5f37ebee3 Mon Sep 17 00:00:00 2001 From: "cmeans-claude-dev[bot]" <272174644+cmeans-claude-dev[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 16:17:16 +0000 Subject: [PATCH 2/2] chore(changelog): record dep bumps from #398 --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5cd6c6f..59efc29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - **Dependabot CHANGELOG automation + ecosystem labels.** New `.github/workflows/dependabot-changelog.yml` runs on `pull_request_target` filtered to `dependabot[bot]`-authored PRs and prepends a one-line `### Changed` entry under `[Unreleased]` summarizing the bumped packages and version arrows. Authentication uses a GitHub App installation token (minted via `actions/create-github-app-token@v3.1.1`, requires repo secrets `BOT_APP_ID` + `BOT_APP_PRIVATE_KEY`) rather than `secrets.GITHUB_TOKEN` so the workflow's commit re-fires required CI checks (lint, typecheck, test, qa-gate, scan) — pushes by `GITHUB_TOKEN` are silently skipped by GitHub's anti-loop policy and would leave required checks unsatisfied on the bot's HEAD SHA, blocking merge under main-protection. `dependabot/fetch-metadata` pinned to `@v3.1.0` (full SHA) — earlier 2.x versions return empty `prevVersion`/`newVersion` on grouped updates. Inline composer carries the Keep-a-Changelog v1.1.0 ordering fix (Added → Changed → Deprecated → Removed → Fixed → Security): when creating a fresh `### Changed` subsection, walks forward to insert before the first later-sorting subsection (or end of `[Unreleased]`) instead of placing it at `unreleased_idx + 1`. Loop guard skips on bot-authored last commit; idempotency guard skips when CHANGELOG already references the PR number. Detects both `## Unreleased` and `## [Unreleased]` heading styles; this repo uses the bracketed form. Repo labels `python`, `github-actions`, `docker` created (`dependencies` already existed) so Dependabot stops silently skipping them. Ports the `dependabot-pr-hygiene-playbook` validated on cmeans/mcp-synology (PR #58 + #63 ordering fix), cmeans/mcp-clipboard, and cmeans/pypi-winnow-downloads. ### Changed +- **Bump docker-compose group: ollama/ollama 0.21.0→0.21.2** (#398) - **Bump github-actions group: docker/build-push-action 6.19.2→7.1.0, docker/setup-buildx-action 3.12.0→4.0.0** (#397) - **`.github/dependabot.yml` commit-message prefix corrected to bare `chore`.** Previous setting `prefix: "chore(deps)"` combined with `include: "scope"` produced doubled prefixes like `chore(deps)(deps): bump foo` because Dependabot auto-appends the `(deps)` scope when `include: scope` is set. Bare `chore` plus `include: scope` yields the canonical `chore(deps): bump foo`. Existing open Dependabot PRs (#397, #398) that landed before this change carry the doubled prefix in their titles; recreating them via `@dependabot recreate` after this PR merges will pick up the corrected commit-message config and the new auto-CHANGELOG workflow simultaneously. All four ecosystem blocks updated (pip, github-actions, docker, docker-compose).