Configure automatic Dependabot updates

These will happen once month — security vulnerabilities will still be patched immediately. We ignore patch updates since Cargo handles this for us: it will already use the latest SemVer compatible when people download the library.
mgeisler · Oct 1, 2024 · 839aa73 · 839aa73
1 parent fd2c9af
commit 839aa73
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+
+ - package-ecosystem: cargo
+ directory: /
+ schedule:
+ interval: monthly
+ ignore:
+ - dependency-name: "*"
+ update-types:
+ - "version-update:semver-patch"