Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Included githubactions in the dependabot config #8104

Merged
merged 1 commit into from
Apr 3, 2022
Merged

Included githubactions in the dependabot config #8104

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Included githubactions in the dependabot config 
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
  • Loading branch information
@nathannaveen
nathannaveen authored Apr 1, 2022
commit 8eec1120f93cb355404fafadddc18fbb6741c882
6 changes: 6 additions & 0 deletions .github/dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,9 @@ updates:
update-types: ["version-update:semver-major"]
- dependency-name: sinon
update-types: ["version-update:semver-major"]
- package-ecosystem: "github-actions"
directory: "/"
open-pull-requests-limit: 999
rebase-strategy: disabled
schedule:
interval: weekly