Skip to content

Commit 503cc1f

Browse files
ci: restrict dependabot to same-major updates with 7-day cooldown
Co-Authored-By: rlamb@launchdarkly.com <4955475+kinyoklion@users.noreply.github.com>
1 parent 5e88822 commit 503cc1f

1 file changed

Lines changed: 14 additions & 0 deletions

File tree

.github/dependabot.yml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,11 +4,25 @@ updates:
44
directory: "/"
55
schedule:
66
interval: "daily"
7+
# Dependency quarantine: only adopt releases that are at least 7 days old.
78
cooldown:
89
default-days: 7
10+
# Restrict version updates to the current major version. Security updates are
11+
# exempt (update-types does not affect security updates), so Dependabot may
12+
# still bump a major version when required to resolve a vulnerability.
13+
ignore:
14+
- dependency-name: "*"
15+
update-types: ["version-update:semver-major"]
916
- package-ecosystem: "npm"
1017
directory: "/"
1118
schedule:
1219
interval: "daily"
20+
# Dependency quarantine: only adopt releases that are at least 7 days old.
1321
cooldown:
1422
default-days: 7
23+
# Restrict version updates to the current major version. Security updates are
24+
# exempt (update-types does not affect security updates), so Dependabot may
25+
# still bump a major version when required to resolve a vulnerability.
26+
ignore:
27+
- dependency-name: "*"
28+
update-types: ["version-update:semver-major"]

0 commit comments

Comments
 (0)