oss/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft.git synced 2026-02-12 02:26:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Group dependabot updates (#4522)

Browse Source 
* group dependabot updates

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

* use directories key

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>

---------

Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
This commit is contained in:
Alex Goodman 2026-01-05 11:57:38 -05:00 committed by GitHub
parent ea43506196
commit 29a0b19a21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
.github/dependabot.yml vendored
View File

@ -1,3 +1,14 @@
# Dependabot configuration
#
# Grouping behavior (see inline comments for details):
# - Minor + patch updates: grouped into a single PR per ecosystem
# - Major version bumps: individual PR per dependency
# - Security updates: individual PR per dependency
#
# Note: "patch" refers to semver version bumps (1.2.3 -> 1.2.4), not security fixes.
# Security updates are identified separately via GitHub's Advisory Database and
# can be any version bump (patch, minor, or major) that fixes a known CVE.
version: 2 version: 2
updates: updates:
@ -5,23 +16,35 @@ updates:
- package-ecosystem: gomod - package-ecosystem: gomod
directory: "/" directory: "/"
schedule: schedule:
interval: "daily" interval: "weekly"
day: "friday"
open-pull-requests-limit: 10 open-pull-requests-limit: 10
labels: labels:
- "dependencies" - "dependencies"
groups:
go-minor-patch:
applies-to: version-updates # security updates get individual PRs
patterns:
- "*"
update-types: # major omitted, gets individual PRs
- "minor"
- "patch"
- package-ecosystem: "github-actions" - package-ecosystem: "github-actions"
directory: "/" directories:
- "/"
- "/.github/actions/bootstrap"
schedule: schedule:
interval: "daily" interval: "weekly"
open-pull-requests-limit: 10 day: "friday"
labels:
- "dependencies"
- package-ecosystem: "github-actions"
directory: "/.github/actions/bootstrap"
schedule:
interval: "daily"
open-pull-requests-limit: 10 open-pull-requests-limit: 10
labels: labels:
- "dependencies" - "dependencies"
groups:
actions-minor-patch:
applies-to: version-updates # security updates get individual PRs
patterns:
- "*"
update-types: # major omitted, gets individual PRs
- "minor"
- "patch"