
[chore] Create dependabot.yml#1692

Open
seongwon030 wants to merge 2 commits into main from chore/add-dependabot

Conversation

@seongwon030 seongwon030 commented Jun 17, 2026
Member

🚀 If this is a release PR, please switch to the release template. (Click in the Preview tab)

#️⃣ Related issues

e.g.) #issue-number, #issue-number

📝 Work done

Briefly describe the work done in this PR (images/videos may be attached)

Areas you would particularly like reviewed (optional)

If there is anything you would like reviewers to pay special attention to, write it here

e.g.) I would like a better name for method XXX; does anyone have a good suggestion?

Points for discussion (optional)

If there is anything you would like to discuss, write it here.

🫡 Notes

Summary by CodeRabbit

  • Chores
    • An automated dependency update configuration was added. Weekly scheduled updates are now generated automatically for frontend npm packages, backend gradle libraries, and GitHub Actions, so that dependencies can be managed systematically.

@vercel vercel Bot commented Jun 17, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
moadong | Ready | Preview, Comment | Jun 17, 2026 5:48am

@seongwon030 seongwon030 added the 🚗 Chore 빌드 관련 label Jun 17, 2026
@coderabbitai coderabbitai Bot commented Jun 17, 2026
Contributor

Warning

Review limit reached

@seongwon030, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 56 minutes and 6 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 52029c2a-a8fb-463f-9950-2ad8ca388532

📥 Commits

Reviewing files that changed from the base of the PR and between f31480e and 8db304b.

📒 Files selected for processing (1)
  • .github/dependabot.yml

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)
Validation error: Invalid regex pattern for base branch. at "reviews.auto_review.base_branches[0]"
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Walkthrough

A new .github/dependabot.yml file was created, configuring weekly Dependabot updates for npm (/frontend), gradle (/backend), and GitHub Actions (repository root). The base entries set the PR limit to 0, and a separate entry for frontend npm targeting the develop-fe branch with a PR limit of 5 was added.

Changes

Dependabot configuration added

Layer / File(s) | Summary
Overall Dependabot update configuration (.github/dependabot.yml) | Configures weekly update entries for npm (/frontend), gradle (/backend), and github-actions (root) with open-pull-requests-limit: 0. Additionally defines a separate entry for /frontend npm with target-branch: develop-fe and open-pull-requests-limit: 5.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The PR title clearly and concisely describes the main purpose of the change. It directly indicates the core change, the creation of the dependabot.yml file.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.


@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces a Dependabot configuration file (.github/dependabot.yml) to automate dependency updates for npm, gradle, and GitHub Actions. The review feedback highlights that the open-pull-requests-limit is set to 0 for both the gradle and github-actions ecosystems, which prevents any update pull requests from being created. It is recommended to increase these limits to a value greater than zero to enable automated updates for the backend and workflow dependencies.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@seongwon030 seongwon030 requested a review from suhyun113 June 17, 2026 05:45

@coderabbitai coderabbitai Bot left a comment
Contributor

Actionable comments posted: 4

🧹 Nitpick comments (1)
.github/dependabot.yml (1)

21-27: ⚡ Quick win

Optional improvement: consider adding reviewers, labels, and commit-message settings.

To manage Dependabot PRs more effectively, consider adding the following options:

  • reviewers: automatically assign reviewers
  • assignees: automatically assign assignees
  • labels: add labels to categorize PRs
  • commit-message: set a commit message prefix
💡 Suggested improvement example
  # develop-fe → regular frontend version-update PRs (including security)
  - package-ecosystem: npm
    directory: /frontend
    target-branch: develop-fe
    schedule:
      interval: weekly
    open-pull-requests-limit: 5
+   reviewers:
+     - "team-frontend"
+   labels:
+     - "dependencies"
+     - "frontend"
+   commit-message:
+     prefix: "chore(deps)"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/dependabot.yml around lines 21 - 27, The Dependabot configuration
for the frontend npm package (the entry with directory: /frontend) is missing
optional configuration settings that would improve PR management. Add the
reviewers, assignees, labels, and commit-message configuration options to the
npm package-ecosystem block for the /frontend directory to automatically assign
reviewers and assignees, categorize PRs with labels, and standardize commit
message formatting. These settings should be added at the same indentation level
as the existing schedule and open-pull-requests-limit properties.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/dependabot.yml:
- Around line 15-19: The github-actions package ecosystem configuration in
dependabot.yml has open-pull-requests-limit set to 0, which disables automatic
security updates for GitHub Actions. Change the open-pull-requests-limit value
from 0 to an appropriate number (such as 5) in the github-actions configuration
block to enable dependabot to create pull requests for security updates to
GitHub Actions used in workflows.
- Around line 9-13: The open-pull-requests-limit for the gradle backend
configuration in the dependabot.yml file is currently set to 0, which completely
disables automatic dependency update PR creation for backend dependencies.
Change the open-pull-requests-limit value from 0 to an appropriate number
between 5 and 10 in the gradle package-ecosystem section (with directory:
/backend) to enable automatic pull requests for security patches and bug fixes.
- Around line 21-27: The dependabot configuration has duplicate npm
package-ecosystem entries both targeting the same /frontend directory but with
different target-branch settings and open-pull-requests-limit values. Remove the
first npm item (which targets the default branch with a limit of 0 to prevent PR
creation) and keep only the develop-fe targeted entry (with limit 5) to
eliminate the redundancy and clarify the configuration intent.
- Around line 3-7: The dependabot.yml file contains configuration entries for
target branches develop-fe and develop/be that do not exist in the repository,
causing those Dependabot configurations to be non-functional. To resolve this
issue, either create the missing develop-fe and develop/be branches in the
repository to match the existing Dependabot configuration, or remove the
Dependabot configuration sections that reference these non-existent branches
(the sections that specify these branches as targets with their respective
update schedules and limits). Choose the approach that aligns with your
repository's branching strategy.

---

Nitpick comments:
In @.github/dependabot.yml:
- Around line 21-27: The Dependabot configuration for the frontend npm package
(the entry with directory: /frontend) is missing optional configuration settings
that would improve PR management. Add the reviewers, assignees, labels, and
commit-message configuration options to the npm package-ecosystem block for the
/frontend directory to automatically assign reviewers and assignees, categorize
PRs with labels, and standardize commit message formatting. These settings
should be added at the same indentation level as the existing schedule and
open-pull-requests-limit properties.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d1e1dab0-f3b9-40c1-8e2b-bde310d5f38c

📥 Commits

Reviewing files that changed from the base of the PR and between 4255e91 and f31480e.

📒 Files selected for processing (1)
  • .github/dependabot.yml
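As an added example (not the file from this PR), here is a dependabot.yml that resolves the findings above: one entry per ecosystem and directory, non-zero open-pull-requests-limit values so that version-update PRs are actually opened, and a single npm entry for /frontend targeting develop-fe. The limit of 5, the label names, and the assumption that the develop-fe branch exists are mine, not the project's.

```yaml
# Added example, not the PR's own .github/dependabot.yml.
# Limits, labels and the existence of develop-fe are assumptions.
version: 2
updates:
  # Backend: gradle dependencies under /backend.
  # open-pull-requests-limit: 0 would stop Dependabot from opening
  # version-update PRs at all, so a non-zero cap is used instead.
  - package-ecosystem: gradle
    directory: /backend
    schedule:
      interval: weekly
    open-pull-requests-limit: 5
    labels:
      - dependencies
      - backend
    commit-message:
      prefix: "chore(deps)"

  # GitHub Actions referenced by workflows in the repository root.
  # Keeping action versions current matters for the CI supply chain.
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    open-pull-requests-limit: 5
    labels:
      - dependencies
      - ci

  # Frontend: a single npm entry for /frontend (the duplicate entry
  # with limit 0 that the review flagged is dropped). target-branch
  # must name a branch that exists in the repository, or the entry
  # is silently non-functional.
  - package-ecosystem: npm
    directory: /frontend
    target-branch: develop-fe
    schedule:
      interval: weekly
    open-pull-requests-limit: 5
    labels:
      - dependencies
      - frontend
    commit-message:
      prefix: "chore(deps)"
```

Dependabot validates this file when it is pushed to the default branch; a typo in package-ecosystem or a missing schedule shows up as a configuration error in the repository's Dependabot tab rather than as a failed build.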
