Ryan Barrett
|
3971690a1f
|
make dependabot update indirect as well as direct dependency pins
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow
|
2023-09-01 18:26:54 -07:00 |
Ryan Barrett
|
b964949c19
|
let dependabot auto-merge certifi even on major version bumps
...since certifi uses calver, not semver
|
2023-05-14 20:47:03 -07:00 |
Ryan Barrett
|
7e8ec559e2
|
dependabot auto-merge workflow: message when we skip major versions
|
2022-04-25 11:49:10 -07:00 |
Ryan Barrett
|
4dfcdd22da
|
add dependency review GitHub Action, prevents merging dependencies w/vulnerabilities
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review
https://github.com/actions/dependency-review-action#installation=
|
2022-04-17 17:47:39 -07:00 |
Ryan Barrett
|
4ddf717344
|
add CI workflow to auto-merge dependency upgrades
...only patch and minor versions, and only if CI passes.
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
|
2022-03-24 11:19:39 -07:00 |
Ryan Barrett
|
eddc41f020
|
switch dependabot from weekly to daily
|
2022-03-04 06:53:48 -08:00 |
Ryan Barrett
|
6fb58a6918
|
add dependabot, codeql analysis actions
|
2021-12-12 12:30:56 -08:00 |