- Disable routine Dependabot PR creation while keeping grouped security update handling for npm and GitHub Actions.
- Add dependency-review workflow for dependency manifest and lockfile pull requests.
- Checked current upstream action majors before committing: actions/checkout v6 and dependency-review-action v5.
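# Dependabot configuration: routine version-update PRs are switched off, while
# security updates are still raised and grouped per ecosystem.
#
# NOTE(review): this file only shapes how security updates are grouped. They
# are raised only when Dependabot alerts and Dependabot security updates are
# enabled in the repository settings; confirm both are on, otherwise this
# config produces no pull requests at all.
version: 2
updates:
  - package-ecosystem: npm
    # Both manifests are covered: the repository root and the /landing package.
    directories:
      - /
      - /landing
    # A schedule is required for every entry. It drives version-update checks;
    # security updates are triggered by new alerts rather than by this timetable.
    schedule:
      interval: weekly
      day: monday
      time: "09:00"
      timezone: Etc/UTC
    # 0 disables version-update PRs for this ecosystem. Security updates are
    # not governed by this limit and continue to be opened.
    open-pull-requests-limit: 0
    commit-message:
      prefix: chore
      prefix-development: chore
      include: scope
    groups:
      # One group for all npm security updates. "*" matches every package, so a
      # single PR can bump several dependencies at once; review the full
      # lockfile diff rather than only the package named in the title.
      npm-security:
        applies-to: security-updates
        patterns:
          - "*"

  - package-ecosystem: github-actions
    directory: /
    # Required key; see the note on the npm entry about security-update timing.
    schedule:
      interval: weekly
      day: tuesday
      time: "09:00"
      timezone: Etc/UTC
    # 0 disables version-update PRs for workflow actions; security updates
    # are still opened.
    open-pull-requests-limit: 0
    commit-message:
      prefix: chore
      include: scope
    groups:
      # One group for all security updates to actions referenced by workflows.
      # With version updates off, actions are no longer bumped automatically,
      # so out-of-date actions need a periodic manual check.
      github-actions-security:
        applies-to: security-updates
        patterns:
          - "*"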