Updated dependabot config to security only (#1975)
see for details : https://dependabot.com/docs/config-file/#allowed_updates ## Why make the change? @dependabot makes PRs for upgrading dependencies, but it doesn't automatically call `make vendor`, which is a problem because that means any merge for a @dependabot PR will require manual intervention. I've looked through the @dependabot PR history and there has never been a successfully merged PR. [See here](https://github.com/status-im/status-go/pulls?q=is%3Apr+author%3Aapp%2Fdependabot-preview+is%3Aclosed) If we are going to use this service we should only be warned of security updates, until we can implement a `make-vendor-bot` to automatically update the vendored files. ## What has changed? Changed @dependabot settings to only make a PR for security updates.
This commit is contained in:
parent
be683556ff
commit
9e2e94d851
|
@ -9,9 +9,15 @@ update_configs:
|
||||||
default_assignees:
|
default_assignees:
|
||||||
- "cammellos"
|
- "cammellos"
|
||||||
- "Samyoul"
|
- "Samyoul"
|
||||||
|
allowed_updates:
|
||||||
|
- match:
|
||||||
|
update_type: "security"
|
||||||
- package_manager: "go:modules"
|
- package_manager: "go:modules"
|
||||||
directory: "/protocol"
|
directory: "/protocol"
|
||||||
update_schedule: "weekly"
|
update_schedule: "weekly"
|
||||||
default_assignees:
|
default_assignees:
|
||||||
- "cammellos"
|
- "cammellos"
|
||||||
- "Samyoul"
|
- "Samyoul"
|
||||||
|
allowed_updates:
|
||||||
|
- match:
|
||||||
|
update_type: "security"
|
||||||
|
|
Loading…
Reference in New Issue