Commit graph

3 commits

Author SHA1 Message Date
William Martin
498ad84fcd Consume dependabot minor versions for go modules 2025-07-03 12:14:44 +02:00
Mislav Marohnić
127e2dae99 Configure Dependabot to only consider patch version bumps
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#ignore
2021-10-13 20:06:19 +02:00
flying-cow
706dede7ac Enable dependabot to get security updates and if needed version updates on dependencies
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically

Having knowledge about vulnerabilities of the dependencies helps the project owners decide on their dependencies' security posture to make decisions.

If the project decides to get updates only on security updates and not on any version updates, then setting these options would not open any PRs: open-pull-requests-limit: 0
2021-10-10 19:41:30 -05:00