CopilotKit · jpr5 · May 26, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -29,33 +29,3 @@ updates:
     open-pull-requests-limit: 10
     cooldown:
       default-days: 1
-
-  - package-ecosystem: 'github-actions'
-    directory: '/'
-    schedule:
-      interval: 'daily'
-    groups:
-      minor-and-patch:
-        patterns:
-          - '*'
-        update-types:
-          - 'minor'
-          - 'patch'
-      # Workaround for dependabot/dependabot-core#14202: without an explicit
-      # major group, major updates matching the minor-and-patch pattern are
-      # silently suppressed. Remove this group when #14202 is fixed to get
-      # individual (ungrouped) PRs per major bump instead.
-      major:
-        patterns:
-          - '*'
-        update-types:
-          - 'major'
-    labels:
-      - 'dependencies'
-      - 'github-actions'
-    commit-message:
-      prefix: 'ci'
-      include: 'scope'
-    open-pull-requests-limit: 10
-    cooldown:
-      default-days: 1
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
diff --git a/.github/workflows/dependabot-major-analysis.yml b/.github/workflows/dependabot-major-analysis.yml
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
@@ -1,12 +1,6 @@
 rules:
   dangerous-triggers:
     ignore:
-      # Dependabot auto-merge: uses pull_request_target for write token.
-      # Does NOT checkout PR code. Actor-gated to dependabot[bot].
-      - dependabot-auto-merge.yml
-      # Dependabot major analysis: uses pull_request_target for PR comments.
-      # Does NOT checkout PR code. Actor-gated to dependabot[bot].
-      - dependabot-major-analysis.yml
       # Pre-existing: codeql.yml uses pull_request_target for code scanning.
       - codeql.yml
       # Pre-existing: pr-size.yml uses pull_request_target for PR labels.