Skip to content

Commit 028c8b7

Browse files
authored
security: Delay dependabot updates [TAROT-3707] (#285)
7 days should be enough when most malicious packages are patched within 24 hours.
1 parent e5b9687 commit 028c8b7

1 file changed

Lines changed: 19 additions & 17 deletions

File tree

.github/dependabot.yml

Lines changed: 19 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,21 @@
11
version: 2
22
updates:
3-
- package-ecosystem: pip
4-
directory: "/"
5-
schedule:
6-
interval: daily
7-
timezone: Europe/Lisbon
8-
open-pull-requests-limit: 10
9-
allow:
10-
- dependency-type: direct
11-
- dependency-type: indirect
12-
ignore:
13-
- dependency-name: pylint
14-
versions:
15-
- 2.8.1
16-
- dependency-name: pylint-django
17-
versions:
18-
- 2.4.2
19-
- 2.4.3
3+
- package-ecosystem: pip
4+
directory: "/"
5+
schedule:
6+
interval: daily
7+
timezone: Europe/Lisbon
8+
open-pull-requests-limit: 10
9+
allow:
10+
- dependency-type: direct
11+
- dependency-type: indirect
12+
ignore:
13+
- dependency-name: pylint
14+
versions:
15+
- 2.8.1
16+
- dependency-name: pylint-django
17+
versions:
18+
- 2.4.2
19+
- 2.4.3
20+
cooldown:
21+
default-days: 7

0 commit comments

Comments
 (0)