From a3b3e9cc4f683796833075d92df2c5b126145b42 Mon Sep 17 00:00:00 2001
From: Nara Kasbergen Kwon <855115+xiehan@users.noreply.github.com>
Date: Wed, 13 Dec 2023 19:28:25 +0100
Subject: [PATCH] chore: enable Dependabot for security updates only
---
.github/dependabot.yml | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..63d7063
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+version: 2
+updates:
+ - package-ecosystem: npm
+ versioning-strategy: lockfile-only
+ directory: /
+ schedule:
+ interval: daily
+ labels:
+ - auto-approve
+ - automerge
+ - dependencies
+ - security
+ # Disable version updates for npm dependencies, only use Dependabot for security updates
+ open-pull-requests-limit: 0
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
+ labels:
+ - auto-approve
+ - automerge
+ - dependencies
+ # only update hashicorp actions, external actions managed by tsccr
+ allow:
+ - dependency-name: hashicorp/*
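Review bot: The `github-actions` entry has no `open-pull-requests-limit: 0`, so unlike the npm entry it opens ordinary version-update PRs, and those carry the `auto-approve` and `automerge` labels. The workflow that acts on these labels is not part of this patch; if it merges on the label alone, every new `hashicorp/*` action release would reach the default branch without human review, so it should at least require that the PR author is Dependabot and that the required checks pass. If only security updates are intended, as the subject line says, add `open-pull-requests-limit: 0` to this entry as well; otherwise a comment such as `# version updates intentionally enabled for hashicorp/* actions` would record the decision. Separately, `versioning-strategy: lockfile-only` on the npm entry presumably means a fix that needs a `package.json` range change is never proposed, so Dependabot alerts still need monitoring for those cases.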