Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(dependencies): add dependabot config #2311

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

ReenigneArcher
Copy link

Double check these details before you open a PR

  • PR does not match another non-stale PR currently opened

Features

This PR adds a dependabot configuration to automatically update dependencies. It will automatically create PRs for outdated dependencies of the following types.

  • github actions
  • npm (all dev dependencies will be grouped into a single PR)
  • python/pip (this normally works for requirements*.txt files even in subfolders, but I don't know if will work in the .github directory)

This PR closes NONE

Notes

This will not start working until the file exists on the default branch. Additionally, dependabot will only run the config that exists on the default branch. This is one reason I would suggest making the default branch develop, although there are plenty of other reasons which mostly involve improving the developer experience.

Personally, I set my dependabot config to run daily, but that may be too overwhelming/annoying for this repo, so I changed it to weekly.

For more dependabot config options, here is the official documentation: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant