Merge pull request #1280 from scylladb/master

Sync latest changes

docs/_utils/dependabot_template.yml

@@ -1,11 +1,9 @@
 version: 2
 updates:
-- package-ecosystem: "pip"
-  directory: "/docs"
-  schedule:
-    interval: "daily"
-  ignore:
-  - dependency-name: "*"
-  allow:
-  - dependency-name: "sphinx-scylladb-theme"
-  - dependency-name: "sphinx-multiversion-scylla"
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "sphinx-scylladb-theme"
+      - dependency-name: "sphinx-multiversion-scylla"

docs/source/configuration/dependabot.rst

@@ -0,0 +1,42 @@
+Dependabot support
+==================
+
+`Dependabot <https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide>`_ is a GitHub-native service that helps you automatically check and manage dependency updates.
+This is especially useful in environments like our toolchain, where frequent and consistent updates to critical dependencies (such as Sphinx-related packages) are needed to ensure the toolchain remains current and secure.
+
+This page explains how to configure the Dependabot file to manage dependency updates specifically for ScyllaDB documentation projects.
+You will find information on customizing update intervals, limiting updates to specific dependencies, and responding to vulnerability alerts.
+
+Enable dependabot
+-----------------
+
+To enable Dependabot for your project, create a ``.github/dependabot.yml`` file in the root directory of your repository.
+Dependabot will read this configuration and manage dependency updates as specified.
+
+Below is an example configuration file for limiting updates to specific dependencies within the Sphinx toolchain:
+
+.. literalinclude:: /upgrade/_partials/dependabot_template.yml
+
+Customize update frequency
+--------------------------
+
+- **Interval options:** You can adjust the ``interval`` setting to specify how often Dependabot checks for updates. Options include ``"daily"``, ``"weekly"``, or ``"monthly"``.
+
+- **Allowed dependencies:** By listing specific dependencies under ``allow``, you limit updates only to those dependencies, preventing unwanted notifications for other updates.
+
+Handle vulnerability alerts
+---------------------------
+
+In case of a vulnerability alert, projects are responsible for keeping dependencies secure and up-to-date.
+Generally, this can be handled by frequently merging new Sphinx Theme versions through automated pull-requests, which will include the latest versions of direct dependencies.
+
+For dependencies that do not strictly depend on the theme, you may need to run a manual update.
+
+To update all dependencies to the latest versions, use:
+
+.. code-block:: bash
+
+   cd docs
+   make update
+
+Then, commit the updated ``poetry.lock`` file and push the changes to the repository.

docs/source/configuration/index.rst

@@ -11,6 +11,7 @@ Configuration
    markdown
    redirects
    search
+   dependabot
 
 .. panel-box::
   :title: Overview

docs/source/upgrade/CHANGELOG.md

@@ -5,6 +5,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 1.8.3 - 25 Oct 2024
+
+### Added
+
+- [#1277](https://github.com/scylladb/sphinx-scylladb-theme/pull/1277): Documentation on Dependabot support, explaining configuration, update frequency, and handling vulnerability alerts.
+
+### Fixed 
+
+- [#1277](https://github.com/scylladb/sphinx-scylladb-theme/pull/1277): Updated cookie configuration to ensure cookies are available across all `.scylladb.com` subdomains.
+- [#1277](https://github.com/scylladb/sphinx-scylladb-theme/pull/1277): Corrected Dependabot ignore property that was unintentionally excluding all dependencies, now allowing only specified dependencies to receive updates.
+
+## 1.8.2 - 22 Oct 2024
+
+### Added
+
+- [#1257](https://github.com/scylladb/sphinx-scylladb-theme/pull/1257): The theme now respects browser and system preferences for dark mode by default.
+
+### Updated
+
+- [#1257](https://github.com/scylladb/sphinx-scylladb-theme/pull/1257): Switched from localStorage to cache for storing settings such as dark mode and announcement preferences. This allows for shared preferences across projects.
+
+### Fixed
+
+- [#1246](https://github.com/scylladb/sphinx-scylladb-theme/pull/1246): Tooltips now correctly render glossary entries without relying on whether the glossary file was pre-loaded by Sphinx.
+- [#1260](https://github.com/scylladb/sphinx-scylladb-theme/pull/1260): Fixed a brief flash of light mode when navigating between pages in dark mode.
+- [#1258](https://github.com/scylladb/sphinx-scylladb-theme/pull/1258): Styled legacy panel boxes defined inside raw HTML directives to display correctly in dark mode.
+
+### Removed
+
+- [#1267](https://github.com/scylladb/sphinx-scylladb-theme/pull/1267): Removed the previous icon library.
+- [#1266](https://github.com/scylladb/sphinx-scylladb-theme/pull/1266): Completely dropped Font Awesome support, removed the latest icons, and cleaned up the dependency.
+
+
 ## 1.8.1 - 24 Sept 2024
 
 ## Added

docs/source/upgrade/_partials/dependabot_template.yml

@@ -1,11 +1,9 @@
 version: 2
 updates:
-- package-ecosystem: "pip"
-  directory: "/docs"
-  schedule:
-    interval: "daily"
-  ignore:
-  - dependency-name: "*"
-  allow:
-  - dependency-name: "sphinx-scylladb-theme"
-  - dependency-name: "sphinx-multiversion-scylla"
+  - package-ecosystem: "pip"
+    directory: "/docs"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "sphinx-scylladb-theme"
+      - dependency-name: "sphinx-multiversion-scylla"