bridgy-fed

Autor	SHA1	Wiadomość	Data
Ryan Barrett	3971690a1f	make dependabot update indirect as well as direct dependency pins https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow	2023-09-01 18:26:54 -07:00
Ryan Barrett	b964949c19	let dependabot auto-merge certifi even on major version bumps ...since certifi uses calver, not semver	2023-05-14 20:47:03 -07:00
Ryan Barrett	7e8ec559e2	dependabot auto-merge workflow: message when we skip major versions	2022-04-25 11:49:10 -07:00
Ryan Barrett	4dfcdd22da	add dependency review GitHub Action, prevents merging dependencies w/vulnerabilities https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review https://github.com/actions/dependency-review-action#installation=	2022-04-17 17:47:39 -07:00
Ryan Barrett	4ddf717344	add CI workflow to auto-merge dependency upgrades ...only patch and minor versions, and only if CI passes. https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request	2022-03-24 11:19:39 -07:00
Ryan Barrett	eddc41f020	switch dependabot from weekly to daily	2022-03-04 06:53:48 -08:00
Ryan Barrett	6fb58a6918	add dependabot, codeql analysis actions	2021-12-12 12:30:56 -08:00