Skip to content

Commit c5c66fa

Browse files
author
hallelx2
committed
chore(standards): synced local '.github/dependabot.yml' with remote '.github/dependabot.yml'
Synced AI-review standards from hallelx2/dev-standards.
1 parent 8283eae commit c5c66fa

1 file changed

Lines changed: 17 additions & 10 deletions

File tree

.github/dependabot.yml

Lines changed: 17 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,24 @@
1+
# Dependency CVE automation. Dependabot opens PRs for vulnerable/outdated deps.
2+
# Ecosystems with no manifest in a given repo are simply skipped.
3+
# Also enable per repo: Settings → Code security → Dependabot alerts + security updates.
14
version: 2
25
updates:
6+
- package-ecosystem: github-actions
7+
directory: "/"
8+
schedule:
9+
interval: weekly
10+
labels: [dependencies, security]
11+
312
- package-ecosystem: gomod
4-
directory: /
13+
directory: "/"
514
schedule:
615
interval: weekly
7-
groups:
8-
aws:
9-
patterns:
10-
- "github.com/aws/*"
11-
river:
12-
patterns:
13-
- "github.com/riverqueue/*"
14-
- package-ecosystem: github-actions
15-
directory: /
16+
open-pull-requests-limit: 5
17+
labels: [dependencies, security]
18+
19+
- package-ecosystem: npm
20+
directory: "/"
1621
schedule:
1722
interval: weekly
23+
open-pull-requests-limit: 5
24+
labels: [dependencies, security]

0 commit comments

Comments
 (0)