mirror of
https://github.com/maputnik/editor.git
synced 2026-02-14 16:40:01 +00:00
7e784f80f6
add a cooldown to dependency updates to give the securiy communtiy a better chance of fixing supply chain attacks
33 lines
1006 B
YAML
33 lines
1006 B
YAML
# To get started with Dependabot version updates, you'll need to specify which
|
|
# package ecosystems to update and where the package manifests are located.
|
|
# Please see the documentation for all configuration options:
|
|
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
|
|
|
version: 2
|
|
updates:
|
|
- package-ecosystem: "npm" # See documentation for possible values
|
|
directory: "/" # Location of package manifests
|
|
schedule:
|
|
interval: "daily"
|
|
open-pull-requests-limit: 20
|
|
versioning-strategy: increase
|
|
cooldown:
|
|
default-days: 5
|
|
semver-major-days: 5
|
|
semver-minor-days: 3
|
|
semver-patch-days: 3
|
|
include:
|
|
- "*"
|
|
exclude:
|
|
- "@maplibre/*"
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "daily"
|
|
cooldown:
|
|
default-days: 3
|
|
# no semver support for github-actions
|
|
# => no specific configuration for this
|
|
include:
|
|
- "*"
|