FreeScout/.github/dependabot.yml
2026-05-26 15:09:57 +02:00

37 lines
No EOL
1.2 KiB
YAML

# managed-by: seven-io/isms-tools/scripts/dependabot-rollout.sh
# Dependabot config: scheduled + grouped security updates. Do not edit by hand;
# changes should be made in the script and re-rolled out with FORCE_UPDATE=true.
# See: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
open-pull-requests-limit: 5
cooldown:
default-days: 5
semver-major-days: 14
semver-minor-days: 7
semver-patch-days: 3
groups:
security-all:
applies-to: security-updates
patterns: ["*"]
minor-patch:
applies-to: version-updates
patterns: ["*"]
update-types: ["minor", "patch"]
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
open-pull-requests-limit: 2
# github-actions only supports default-days for cooldown; semver-*-days
# is rejected by Dependabot (actions tags don't reliably follow semver).
cooldown:
default-days: 5
groups:
actions-all:
patterns: ["*"]