File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ # Dependency CVE automation. Dependabot opens PRs for vulnerable/outdated deps.
2+ # Ecosystems with no manifest in a given repo are simply skipped.
3+ # Also enable per repo: Settings → Code security → Dependabot alerts + security updates.
14version : 2
25updates :
6+ - package-ecosystem : github-actions
7+ directory : " /"
8+ schedule :
9+ interval : weekly
10+ labels : [dependencies, security]
11+
312 - package-ecosystem : gomod
4- directory : /
13+ directory : " / "
514 schedule :
615 interval : weekly
7- groups :
8- aws :
9- patterns :
10- - " github.com/aws/*"
11- river :
12- patterns :
13- - " github.com/riverqueue/*"
14- - package-ecosystem : github-actions
15- directory : /
16+ open-pull-requests-limit : 5
17+ labels : [dependencies, security]
18+
19+ - package-ecosystem : npm
20+ directory : " /"
1621 schedule :
1722 interval : weekly
23+ open-pull-requests-limit : 5
24+ labels : [dependencies, security]
You can’t perform that action at this time.
0 commit comments