ci: add dependabot weekly summary workflow

[nicktrn]

Adds a Mon 08:00 UTC workflow that posts a summary of open Dependabot alerts and PRs to Slack. Uses env-scoped secrets so the alerts PAT and Slack token are only available to this workflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: ff57d2b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 30523cd2-67f5-413c-ab19-935f8922ccae

📥 Commits

Reviewing files that changed from the base of the PR and between 41083a0 and ff57d2b.

📒 Files selected for processing (1)

• .github/workflows/dependabot-weekly-summary.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/dependabot-weekly-summary.yml

---

Walkthrough

Adds a new GitHub Actions workflow (.github/workflows/dependabot-weekly-summary.yml) that runs weekly (and via manual dispatch) to paginate Dependabot security alerts, compute total and severity breakdowns, build an actions-needed list filtered by THRESHOLD_DAYS, list open Dependabot PRs, locate the latest npm-related Dependabot workflow run, optionally extract “stuck” dependencies from that run’s logs, assemble a Slack JSON payload with these sections, and post it to Slack using slackapi/slack-github-action.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is incomplete. It lacks required sections from the template including Checklist, Testing, Changelog, and Screenshots sections.	Add the missing template sections including the checklist, testing steps, changelog entry, and screenshots section (or N/A if not applicable).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'ci: add dependabot weekly summary workflow' clearly and concisely describes the main change: adding a new GitHub Actions workflow for Dependabot summaries.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/dependabot-weekly-summary

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}