ci: only security PRs from dependabot
This commit is contained in:
Elliot DeNolf
9
.github/dependabot.yml
vendored
9
.github/dependabot.yml
vendored
@@ -21,6 +21,7 @@ updates:
|
|||||||
- package-ecosystem: npm
|
- package-ecosystem: npm
|
||||||
directory: /
|
directory: /
|
||||||
target-branch: main
|
target-branch: main
|
||||||
|
open-pull-requests-limit: 0 # Only allow security updates
|
||||||
schedule:
|
schedule:
|
||||||
interval: weekly
|
interval: weekly
|
||||||
day: sunday
|
day: sunday
|
||||||
@@ -38,8 +39,6 @@ updates:
|
|||||||
- patch
|
- patch
|
||||||
patterns:
|
patterns:
|
||||||
- '*'
|
- '*'
|
||||||
exclude-patterns:
|
|
||||||
- 'drizzle*'
|
|
||||||
dev-deps:
|
dev-deps:
|
||||||
dependency-type: development
|
dependency-type: development
|
||||||
update-types:
|
update-types:
|
||||||
@@ -47,13 +46,11 @@ updates:
|
|||||||
- patch
|
- patch
|
||||||
patterns:
|
patterns:
|
||||||
- '*'
|
- '*'
|
||||||
exclude-patterns:
|
|
||||||
- 'drizzle*'
|
|
||||||
|
|
||||||
# Only bump patch versions for 2.x
|
|
||||||
- package-ecosystem: npm
|
- package-ecosystem: npm
|
||||||
directory: /
|
directory: /
|
||||||
target-branch: 2.x
|
target-branch: 2.x
|
||||||
|
open-pull-requests-limit: 0 # Only allow security updates
|
||||||
schedule:
|
schedule:
|
||||||
interval: weekly
|
interval: weekly
|
||||||
day: sunday
|
day: sunday
|
||||||
@@ -70,5 +67,3 @@ updates:
|
|||||||
- patch
|
- patch
|
||||||
patterns:
|
patterns:
|
||||||
- '*'
|
- '*'
|
||||||
exclude-patterns:
|
|
||||||
- 'drizzle*'
|
|
||||||
|
|||||||
Reference in New Issue
Block a user