mirror of
https://github.com/SonarSource/sonarqube-scan-action.git
synced 2026-04-10 23:40:06 +00:00
7a1a48cce8
- Version updates: minimum package age via cooldown (default-days: 5). - Security updates are not affected by cooldown (GitHub behavior). - exclude: org.sonarsource*, com.sonarsource*, npm @sonarsource/*, actions SonarSource/* as applicable. - Aligns supply-chain policy with BUILD-10860 (Renovate) intent.
20 lines
619 B
YAML
20 lines
619 B
YAML
# To get started with Dependabot version updates, you'll need to specify which
|
|
# package ecosystems to update and where the package manifests are located.
|
|
# Please see the documentation for all configuration options:
|
|
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
|
|
|
version: 2
|
|
|
|
updates:
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "daily"
|
|
timezone: "CET"
|
|
open-pull-requests-limit: 100
|
|
cooldown:
|
|
default-days: 5
|
|
exclude:
|
|
- "SonarSource/*"
|
|
commit-message:
|
|
prefix: "NO-JIRA "
|