From a1f922f3968890a75ca5becb1a204b98e8838300 Mon Sep 17 00:00:00 2001 From: William Easton Date: Sun, 8 Mar 2026 19:05:40 -0500 Subject: [PATCH] fix(dependency-review): only run on opened/reopened, not synchronize Dependabot's synchronize events are almost always rebases that don't change the version being bumped. Running the full analysis on every synchronize produces duplicate, redundant comments on the PR (as seen on PR #2114 which received two identical Dependency Update Analysis comments). When dependabot finds a newer version it opens a new PR, so opened/reopened is sufficient coverage. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 39639a247..9eaef2f14 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,7 +1,7 @@ name: Dependency Review on: pull_request: - types: [opened, synchronize, reopened] + types: [opened, reopened] permissions: actions: read
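Review bot: Dropping `synchronize` from `types:` in the `on: pull_request:` block means a commit pushed to an already-open PR never re-triggers Dependency Review, so the result reflects only the head that existed when the PR was opened or reopened. The trigger in this hunk is not scoped to Dependabot, so unless a job-level condition outside the visible lines restricts it, PRs from human contributors that add or change a dependency in a later push are also no longer analyzed. If the goal is only to stop duplicate comments, consider keeping `synchronize` and making the comment step update the existing comment instead of posting a new one, or skipping `synchronize` runs for the Dependabot actor alone. If the narrower trigger is kept, add a YAML comment above `types: [opened, reopened]` recording why `synchronize` is omitted, so the gap is a documented decision and not an apparent oversight.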