secure-python-package-template/.github/dependabot.yml at main · sethmlarson/secure-python-package-template · GitHub

32 lines (29 loc) · 891 Bytes

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

version: 2

# Security sensitive updates (ie: upgrades which fix vulnerabilities)

# aren't affected by any filtering we define below so this is

# purely to do with keeping dependencies compatible and supported.

updates:

# These entries are for our development dependencies

# which we want to keep up to date but only really

# care about major versions for supportability.

- package-ecosystem: "github-actions"

directory: "/.github/workflows"

schedule:

interval: "daily"

ignore:

- dependency-name: "*"

update-types:

- "version-update:semver-minor"

- "version-update:semver-patch"

- package-ecosystem: "pip"

directory: "/requirements"

schedule:

interval: "daily"

allow:

- dependency-type: "direct"

- dependency-type: "indirect"

ignore:

- dependency-name: "*"

update-types:

- "version-update:semver-minor"

- "version-update:semver-patch"