remove auto-dependabot

[spatten]

Overview

Remove the auto-merge workflow for dependabot.

Acceptance criteria

• We no longer allow dependabot to automerge on this repository

Testing plan

Metrics

Risks

References

Checklist

• I added tests for this PR's change (or explained in the PR description why tests don't make sense).

[coderabbitai]

Walkthrough

The GitHub Actions workflow file at .github/workflows/auto-dependabot.yml has been removed entirely. This workflow previously contained a dependabot-automation job that executed on pull requests and performed automated approval and squash-merging of pull requests via GitHub CLI when the pull request actor matched a specific bot account. The workflow had write permissions configured for repository contents and pull requests.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description covers the main sections but several are incomplete or missing substantive content.	Add a Testing plan (concrete steps to verify the workflow is removed), explain why tests don't apply, and provide any relevant issue references. Fill in Metrics and Risks if applicable to this change.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'remove auto-dependabot' directly and concisely summarizes the main change: removing the auto-dependabot GitHub Actions workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[spatten]

I'm working on a separate PR to switch from tokio-tar to astral-tokio-tar to fix the vuln issue: #32