Skip to content

Commit

Permalink
Update dependabot.yaml for security updates
Browse files Browse the repository at this point in the history 
Testing if dependabot can create security pull request for release-2.6, 2.7 and 2.8 branches.

I am trying to cheat with a separate `updates` entry per branch. 

Most likely dependabot cannot bump only security-relevan dependencies in older branches, see  dependabot/dependabot-core#2767 (comment)
  • Loading branch information
@jsafrane
jsafrane authored Jun 14, 2023
1 parent c9200e1 commit 7519f82
Showing 1 changed file with 60 additions and 0 deletions.
60 changes: 60 additions & 0 deletions .github/dependabot.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,63 @@ updates:
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 10

# Experimenting with security fixes to 2.6, 2.7 and 2.8 branches
- package-ecosystem: gomod
directory: "/"
schedule:
interval: daily
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 0
target-branch: "release-2.6"

- package-ecosystem: gomod
directory: "/"
schedule:
interval: daily
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 0
target-branch: "release-2.7"
- package-ecosystem: gomod
directory: "/"
schedule:
interval: daily
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
labels:
- "area/dependency"
- "release-note-none"
- "ok-to-test"
open-pull-requests-limit: 0
target-branch: "release-2.8"

0 comments on commit 7519f82

Please sign in to comment.