@vnz vnz commented Jan 24, 2026

Summary

Based on real-world testing of the dependabot skill, several misconceptions about the Dependabot CLI behavior were identified and corrected.

Key Fixes

| Issue | Before | After |
|---|---|---|
| File modification | "CLI modifies files without --local" | CLI never modifies files - outputs JSON only |
| --local . flag | "dry-run mode" | "use local filesystem as source" (avoids cloning) |
| Output format | Implied human-readable | Clarified: JSON lines (~40KB+) |
| Apply workflow | "Run without --local" | Parse JSON → use Edit tool manually |

Changes

skills/dependabot.md

  • Section 4: Added "Understanding the output" explaining JSON format
  • Section 5 (new): How to parse create_pull_request events from JSON
  • Section 7→8: Renumbered, now correctly explains manual file editing
  • Important Notes: Fixed all misconceptions about CLI behavior

README.md

  • Fixed "How It Works" section with accurate CLI behavior

Version bump

  • plugin.json: 1.0.0 → 1.1.0
  • marketplace.json: 1.0.0 → 1.1.0

Test plan

🤖 Generated with Claude Code
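An added example, not code from this pull request or from the Dependabot project: one way to pull `create_pull_request` events out of JSON-lines CLI output and sanity-check the file paths before any manual edit. The sample output is constructed, and every field name other than the `create_pull_request` event type (`type`, `data`, `dependencies`, `previous-version`, `version`, `updated-dependency-files`, `name`) is an assumption about the event layout.

```python
import json

# Constructed sample of CLI output: one JSON object per line (JSON Lines).
# Field names inside each event are assumptions for illustration.
SAMPLE_OUTPUT = "\n".join([
    json.dumps({"type": "update_dependency_list", "data": {"dependencies": []}}),
    json.dumps({"type": "create_pull_request", "data": {
        "dependencies": [{"name": "requests", "previous-version": "2.31.0",
                          "version": "2.32.3"}],
        "updated-dependency-files": [{"directory": "/", "name": "requirements.txt"}],
    }}),
    "not json: stray log line",
    json.dumps({"type": "create_pull_request", "data": {
        "dependencies": [{"name": "examplepkg", "previous-version": "1.0",
                          "version": "1.1"}],
        "updated-dependency-files": [{"directory": "/", "name": "../../.ssh/config"}],
    }}),
])


def is_safe_relative_path(path):
    """Reject empty paths, absolute paths and any '..' component."""
    parts = path.replace("\\", "/").split("/")
    return bool(path) and not path.startswith("/") and ".." not in parts


def proposed_updates(output):
    """Return (updates, rejected) parsed from JSON-lines CLI output."""
    updates, rejected = [], []
    for line in output.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines instead of aborting the whole parse
        if not isinstance(event, dict) or event.get("type") != "create_pull_request":
            continue
        data = event.get("data") or {}
        files = [f.get("name", "") for f in data.get("updated-dependency-files", [])]
        deps = [(d.get("name"), d.get("previous-version"), d.get("version"))
                for d in data.get("dependencies", [])]
        # Only events whose files all stay inside the repository are kept for editing.
        target = updates if all(is_safe_relative_path(f) for f in files) else rejected
        target.append({"dependencies": deps, "files": files})
    return updates, rejected


if __name__ == "__main__":
    ok, bad = proposed_updates(SAMPLE_OUTPUT)
    print("apply manually:", ok)
    print("rejected:", bad)
```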

…ions

Based on real-world testing, the skill had several misconceptions about
how the Dependabot CLI works:

Fixes:
- CLI outputs JSON, never modifies files directly (was incorrectly stated)
- `--local .` means "use local source" not "dry-run mode"
- Added section 5 explaining how to parse JSON output
- Clarified that changes must be applied manually via Edit tool
- Updated section 8 with correct apply workflow
- Fixed Important Notes with accurate CLI behavior

Bump version to 1.1.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@vnz vnz self-assigned this Jan 24, 2026
@gemini-code-assist
Summary of Changes

Hello @vnz, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refines the Dependabot skill by correcting fundamental misunderstandings about the Dependabot CLI's operation. It updates documentation to accurately describe how the CLI outputs JSON data instead of modifying files, clarifies the --local flag's purpose, and outlines the manual steps for applying dependency updates. These changes ensure the skill's instructions are precise and effective, improving user experience and reliability.

Highlights

  • Dependabot CLI Behavior Clarification: Corrected several misconceptions regarding the Dependabot CLI's operation, specifically that it never modifies files directly, outputs JSON lines, and the --local . flag means using the local filesystem as a source, not a dry-run.
  • Documentation Updates: Significantly revised skills/dependabot.md and README.md to accurately reflect the Dependabot CLI's behavior, output format, and the manual process required to apply updates.
  • Version Bump: Incremented the version of the Dependabot skill from 1.0.0 to 1.1.0 in plugin.json and marketplace.json.
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request provides a significant and valuable correction to the dependabot skill's documentation. The changes accurately reflect the behavior of the Dependabot CLI, clarifying that it outputs JSON rather than modifying files directly. The updated instructions on how to parse the output and manually apply changes are much clearer and more actionable. I've left one minor suggestion in the skill documentation to improve consistency. Overall, this is a great improvement.

The Type column (update/security) isn't directly available in the
standard JSON output, so removed it to avoid confusion.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
vnz commented Jan 24, 2026

Thanks @gemini-code-assist! Good catch - removed the Type column since it's not directly available in the standard JSON output. Fixed in 48f3d7f.

@gemini-code-assist
You're welcome, @vnz! I'm glad to hear that the clarification regarding the Dependabot CLI's JSON output was helpful. Removing the Type column from the example table in skills/dependabot.md is a good adjustment to accurately reflect the available data. Thanks for the update!

@vnz vnz merged commit b0a8117 into main Jan 24, 2026
1 check passed
@vnz vnz deleted the fix/dependabot-skill-improvements branch January 24, 2026 10:21