Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add dependabot configuration file (#308)
This commit adds an initial Dependabot configuration to: * Submit pull requests for security updates and version updates for GH Action runner dependencies. At a later point in time, we could consider enabling it for Composer dependencies as well. The configuration has been set up to: * Run weekly (for now). * Submit a maximum of 5 pull requests at a time. If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged. * The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now. Refs: * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy Co-authored-by: jrfnl <[email protected]>
- Loading branch information