Updated dependabot config to security only (#1975)

see for details : https://dependabot.com/docs/config-file/#allowed_updates

## Why make the change?

@dependabot makes PRs for upgrading dependencies, but it doesn't automatically call `make vendor`, which is a problem because that means any merge for a @dependabot PR will require manual intervention.

I've looked through the @dependabot PR history and there has never been a successfully merged PR. [See here](https://github.com/status-im/status-go/pulls?q=is%3Apr+author%3Aapp%2Fdependabot-preview+is%3Aclosed)

If we are going to use this service we should only be warned of security updates, until we can implement a `make-vendor-bot` to automatically update the vendored files.

## What has changed?

Changed @dependabot settings to only make a PR for security updates.
This commit is contained in:
Samuel Hawksby-Robinson 2020-05-15 16:01:41 +01:00 committed by GitHub
parent be683556ff
commit 9e2e94d851
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions

View File

@ -9,9 +9,15 @@ update_configs:
default_assignees: default_assignees:
- "cammellos" - "cammellos"
- "Samyoul" - "Samyoul"
allowed_updates:
- match:
update_type: "security"
- package_manager: "go:modules" - package_manager: "go:modules"
directory: "/protocol" directory: "/protocol"
update_schedule: "weekly" update_schedule: "weekly"
default_assignees: default_assignees:
- "cammellos" - "cammellos"
- "Samyoul" - "Samyoul"
allowed_updates:
- match:
update_type: "security"