Skip to content

Commit

Permalink
dependabot: Ignore patch updates
Browse files Browse the repository at this point in the history 
This commit ignores Python and GitHub Action patch updates. Major and
minor versions will still trigger an update. Security updates are not
changed. Package updates for every patch (major.minor.patch) is noisy.
Focusing on major and minor will provide sufficient updates for packages
used in this project. [1]

[1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
  • Loading branch information
@edwarddavidbaker
edwarddavidbaker committed Dec 16, 2024
1 parent ac8410b commit e7a85e8
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,20 @@ updates:
schedule:
interval: "weekly"
open-pull-requests-limit: 1
ignore:
# Ignore patch updates (major.minor.patch) for all packages. This
# does not prevent security updates.
- dependency-name: "*"
update-types: ["version-update:semver-patch"]

# Enable version updates from GitHub Actions.
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 1
ignore:
# Ignore patch updates (major.minor.patch) for all packages. This
# does not prevent security updates.
- dependency-name: "*"
update-types: ["version-update:semver-patch"]

0 comments on commit e7a85e8

Please sign in to comment.