agent-ecosystem/.github/dependabot.yml
777genius d0b0a18e3b chore(ci): tighten dependency update gates
- Disable routine Dependabot PR creation while keeping grouped security update handling for npm and GitHub Actions.

- Add dependency-review workflow for dependency manifest and lockfile pull requests.

- Checked current upstream action majors before committing: actions/checkout v6 and dependency-review-action v5.
2026-05-24 15:57:04 +03:00

38 lines
781 B
YAML

version: 2
updates:
  - package-ecosystem: npm
    directories:
      - /
      - /landing
    schedule:
      interval: weekly
      day: monday
      time: "09:00"
      timezone: Etc/UTC
    open-pull-requests-limit: 0
    commit-message:
      prefix: chore
      prefix-development: chore
      include: scope
    groups:
      npm-security:
        applies-to: security-updates
        patterns:
          - "*"

  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
      day: tuesday
      time: "09:00"
      timezone: Etc/UTC
    open-pull-requests-limit: 0
    commit-message:
      prefix: chore
      include: scope
    groups:
      github-actions-security:
        applies-to: security-updates
        patterns:
          - "*"