wallabag/.github/dependabot.yml
naveensrinivasan d52f00132a
Included githubactions in the dependabot config
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-04-19 13:55:41 -05:00

44 lines
898 B
YAML

version: 2
updates:
- package-ecosystem: npm
directory: "/"
schedule:
interval: weekly
time: "04:00"
timezone: Europe/Paris
open-pull-requests-limit: 10
ignore:
- dependency-name: materialize-css
versions:
- "> 0.98.2"
- package-ecosystem: composer
directory: "/"
schedule:
interval: daily
time: "04:00"
timezone: Europe/Paris
open-pull-requests-limit: 10
reviewers:
- j0k3r
- tcitworld
- Kdecherf
labels:
- Ready for review
ignore:
- dependency-name: doctrine/doctrine-migrations-bundle
versions:
- "> 1.3.2"
- dependency-name: friendsofsymfony/user-bundle
versions:
- "> 2.0.2"
- dependency-name: nelmio/api-doc-bundle
versions:
- "> 2.13.4"
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: weekly
time: "04:00"
timezone: Europe/Paris
open-pull-requests-limit: 10