mirror of
https://gh.wpcy.net/https://github.com/seven-io/FreeScout.git
synced 2026-07-15 14:15:20 +08:00
37 lines
No EOL
1.2 KiB
YAML
37 lines
No EOL
1.2 KiB
YAML
# managed-by: seven-io/isms-tools/scripts/dependabot-rollout.sh
|
|
# Dependabot config: scheduled + grouped security updates. Do not edit by hand;
|
|
# changes should be made in the script and re-rolled out with FORCE_UPDATE=true.
|
|
# See: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
|
|
version: 2
|
|
updates:
|
|
- package-ecosystem: "composer"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
open-pull-requests-limit: 5
|
|
cooldown:
|
|
default-days: 5
|
|
semver-major-days: 14
|
|
semver-minor-days: 7
|
|
semver-patch-days: 3
|
|
groups:
|
|
security-all:
|
|
applies-to: security-updates
|
|
patterns: ["*"]
|
|
minor-patch:
|
|
applies-to: version-updates
|
|
patterns: ["*"]
|
|
update-types: ["minor", "patch"]
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "monthly"
|
|
open-pull-requests-limit: 2
|
|
# github-actions only supports default-days for cooldown; semver-*-days
|
|
# is rejected by Dependabot (actions tags don't reliably follow semver).
|
|
cooldown:
|
|
default-days: 5
|
|
groups:
|
|
actions-all:
|
|
patterns: ["*"] |