Maikel Linke
|
045482e07d
|
Revert "Deactivate cooldown for testing"
This reverts commit 13cec27f6b.
|
2026-02-18 12:11:37 +11:00 |
|
Maikel Linke
|
13cec27f6b
|
Deactivate cooldown for testing
|
2026-02-18 11:54:32 +11:00 |
|
Maikel Linke
|
f25d51e772
|
Add 7 day cooldown to Dependabot updates
This should make us less vulnerable to supply chain attacks:
- https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
|
2026-02-02 14:41:30 +11:00 |
|
David Rodríguez
|
6fa99b187d
|
Unify Dependabot strategy
Let's do the same as we do for Ruby dependencies.
|
2025-11-19 14:47:44 +01:00 |
|
David Rodríguez
|
49a976810b
|
Update all webpack related dependencies together
|
2025-11-13 08:45:18 +01:00 |
|
David Rodríguez
|
9566075dee
|
Tweak Dependabot config
|
2025-11-04 08:57:10 +01:00 |
|
Maikel Linke
|
9d09d5aff1
|
Allow Dependabot to open as many PRs as it likes
|
2024-04-16 11:19:27 +10:00 |
|
David Cook
|
3b49ba4de1
|
Allow Dependabot to update package.json
As per the industry standard, all version numbers are specified in package.json, so Dependabot is allowed to suggest increases when a new version is released. This is the default.
Discussed in https://community.openfoodnetwork.org/t/javascript-dependency-management-with-package-json/2753
|
2023-02-03 14:48:18 +11:00 |
|
Maikel Linke
|
bbafe9ff94
|
Restrict Dependabot to update only the lockfiles
This enables us to specify versions in the Gemfile and package.json and
Dependabot won't suggest updates we excluded that way.
|
2022-01-17 11:42:14 +11:00 |
|
Luis Ramos
|
ab6f6c463a
|
Fix problem in dependabot config, yarn is not a valid package-ecosystem, we can try npm
|
2020-12-08 20:00:19 +00:00 |
|
Luis Ramos
|
7a35fabb22
|
Move dependabot config file to .github
|
2020-12-03 21:32:57 +00:00 |
|