-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdependabot.yml
More file actions
68 lines (66 loc) · 1.84 KB
/
dependabot.yml
File metadata and controls
68 lines (66 loc) · 1.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Dependabot configuration for codeiq (Go).
# Docs: https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
#
# Strategy:
# * weekly cadence — keeps the noise floor low while still catching CVEs early
# * grouped updates per ecosystem so PR fan-out stays manageable
# * security updates fire whenever needed regardless of the weekly slot
#
# Java + npm sections were removed at the Phase 6 cutover (PR #132); the
# Spring Boot / React SPA is gone and `pom.xml` / `src/main/frontend/` no
# longer exist.
version: 2
updates:
# ----- Go modules (the codeiq application) -----
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "08:00"
timezone: "Etc/UTC"
open-pull-requests-limit: 10
labels:
- "type:dependencies"
- "area:backend"
commit-message:
prefix: "chore(deps)"
include: "scope"
groups:
kuzu:
patterns:
- "github.com/kuzudb/*"
tree-sitter:
patterns:
- "github.com/smacker/go-tree-sitter*"
mcp:
patterns:
- "github.com/modelcontextprotocol/*"
cobra-viper:
patterns:
- "github.com/spf13/*"
sqlite:
patterns:
- "github.com/mattn/go-sqlite3"
test-libs:
patterns:
- "github.com/stretchr/testify"
# ----- GitHub Actions (CI / release / security) -----
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "08:00"
timezone: "Etc/UTC"
open-pull-requests-limit: 5
labels:
- "type:dependencies"
- "area:ci"
commit-message:
prefix: "chore(actions)"
include: "scope"
groups:
actions:
patterns:
- "*"