From 379f748b725bbf3ee9db04995c6bbeb7f701d683 Mon Sep 17 00:00:00 2001
From: Jordan Ritter
Date: Fri, 15 May 2026 13:12:47 -0700
Subject: [PATCH] fix(ci): strip @mentions from dependabot major version analysis comments

Release notes fetched from upstream repos contain @username mentions that trigger GitHub notifications when posted as PR comments. Sanitize the release body by stripping the @ prefix from mentions before building the comment.

Closes #216
---
 .github/workflows/dependabot-major-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-major-analysis.yml b/.github/workflows/dependabot-major-analysis.yml
index 2b28279..c51ce55 100644
--- a/.github/workflows/dependabot-major-analysis.yml
+++ b/.github/workflows/dependabot-major-analysis.yml
@@ -63,7 +63,7 @@ jobs:
 breakingChanges = `_Unable to determine breaking changes automatically. Please review the [full changelog](https://github.com/${repoSlug}/releases)._`;
 } else {
 for (const release of relevantReleases.slice(0, 10)) {
- const body = release.body || '_No release notes._';
+ const body = (release.body || '_No release notes._').replace(/(?<=^|\s)@(?=[a-zA-Z0-9])(?![a-zA-Z0-9-]*\/)/gm, '');
 releaseNotesSummary += `### ${release.tag_name}${release.name && release.name !== release.tag_name ? ' — ' + release.name : ''}\n\n`;
 releaseNotesSummary += body.substring(0, 2000);
 if (body.length > 2000) releaseNotesSummary += '\n\n_...truncated_';
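Review bot: The `.replace(...)` on the `+` line deletes the `@` outright, which is lossy for non-mention text that upstream release notes routinely contain (`@param`/`@Override` in code snippets, decorators, CSS at-rules), and its `(?![a-zA-Z0-9-]*\/)` exemption, meant for scoped npm packages, equally matches `@org/team`, so team mentions pass through untouched and can still notify whenever such a team resolves in this org. A less destructive option, which Dependabot's own PR bodies appear to use, is to keep the `@` and break the mention with a zero-width space: `const body = (release.body || '_No release notes._').replace(/(?<=^|\s)@(?=[a-zA-Z0-9])/gm, '@\u200B');` — the text stays readable (including inside fenced code, where an HTML entity would not render), and the scoped-package exemption can be dropped since nothing is visibly removed; if copy-pasteable scoped names matter more, keep the exemption but comment that `@org/team` is deliberately left alone. The `(?<=^|\s)` lookbehind is presumably narrower than GitHub's own mention rule, which I believe also fires after an opening parenthesis or bracket — worth confirming before relying on it. The enclosing `for` loop and `else` branch continue outside the hunk.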