Skip to content

Commit bcd772d

Browse files
ci: restrict dependabot to same-major updates with 7-day cooldown
Co-Authored-By: rlamb@launchdarkly.com <4955475+kinyoklion@users.noreply.github.com>
1 parent ae6ae1a commit bcd772d

1 file changed

Lines changed: 21 additions & 3 deletions

File tree

.github/dependabot.yml

Lines changed: 21 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,28 @@
11
version: 2
2-
updates:
2+
updates:
33
- package-ecosystem: "github-actions"
44
directory: "/"
5-
schedule:
5+
schedule:
66
interval: "daily"
7+
# Dependency quarantine: only adopt releases that are at least 7 days old.
8+
cooldown:
9+
default-days: 7
10+
# Restrict version updates to the current major version. Security updates are
11+
# exempt (update-types does not affect security updates), so Dependabot may
12+
# still bump a major version when required to resolve a vulnerability.
13+
ignore:
14+
- dependency-name: "*"
15+
update-types: ["version-update:semver-major"]
716
- package-ecosystem: "npm"
817
directory: "/"
9-
schedule:
18+
schedule:
1019
interval: "daily"
20+
# Dependency quarantine: only adopt releases that are at least 7 days old.
21+
cooldown:
22+
default-days: 7
23+
# Restrict version updates to the current major version. Security updates are
24+
# exempt (update-types does not affect security updates), so Dependabot may
25+
# still bump a major version when required to resolve a vulnerability.
26+
ignore:
27+
- dependency-name: "*"
28+
update-types: ["version-update:semver-major"]

0 commit comments

Comments
 (0)