The dependabot.yml file has two mandatory top-level keys: version, and updates. You can, optionally, include a top-level registries key.

Note: You cannot configure Dependabot alerts using the dependabot.yml file.

Configuration options for the dependabot.yml file

You use the updates key to configure how Dependabot updates the versions of your project's dependencies. Each entry configures the update settings for a particular package manager.

The available options cover, among other things: how to update manifest version requirements; the timezone for time of day (zone identifier); private registries that Dependabot can access; the limit on the number of open pull requests for version updates; the separator for pull request branch names; enabling ecosystems that have beta-level support; and allowing or denying code execution in manifest files.

These options fit broadly into the following categories.

Essential set up options that you must include in all configurations: package-ecosystem, directory, schedule.interval.

Options to customize the update schedule: schedule.time, schedule.timezone, schedule.day.

Options to control which dependencies are updated: allow, ignore, vendor.

Options to add metadata to pull requests: reviewers, assignees, labels, milestone.

Options to change the behavior of the pull requests: target-branch, versioning-strategy, commit-message, rebase-strategy, pull-request-branch-name.separator.

In addition, the open-pull-requests-limit option changes the maximum number of pull requests for version updates that Dependabot can open.

Note: Some of these configuration options may also affect pull requests raised for security updates of vulnerable package manifests. Security updates are raised for vulnerable package manifests only on the default branch. When configuration options are set for the same branch (true unless you use target-branch), and specify a package-ecosystem and directory for the vulnerable manifest, then pull requests for security updates use relevant options.
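A dependabot.yml showing the mandatory keys and how target-branch decides whether an entry's options reach security update pull requests. This is an added example, not taken from the original page; the branch name, labels, commit prefix, schedule values and ecosystems are constructed placeholders.

```yaml
# Constructed example: branch, label and prefix values are placeholders.
version: 2        # mandatory top-level key
updates:          # mandatory top-level key, one entry per package manager
  # Entry A: no target-branch, so the options apply to the default branch.
  - package-ecosystem: "pip"      # essential
    directory: "/"                # essential: location of the manifest
    schedule:
      interval: "weekly"          # essential
      day: "monday"
      time: "06:00"
      timezone: "Europe/Berlin"
    # Caps pull requests for version updates only.
    open-pull-requests-limit: 10
    # Same branch, ecosystem and directory as the manifest that security
    # updates would patch, so security update pull requests get these too.
    labels:
      - "dependencies"
      - "security-review"
    commit-message:
      prefix: "deps"
    # Deny code execution in manifest files during updates.
    insecure-external-code-execution: deny

  # Entry B: target-branch is set, so these options are used for version
  # updates against "develop" only. Security updates are raised on the
  # default branch and do not use them.
  - package-ecosystem: "npm"
    directory: "/"
    target-branch: "develop"
    schedule:
      interval: "daily"
    labels:
      - "npm-version-update"
    pull-request-branch-name:
      separator: "-"
```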