Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,15 @@ updates:
directory: "/"
schedule:
interval: "weekly"
# Don't propose a version until it has aged past CI's pnpm
# `minimumReleaseAge` supply-chain gate (24 h). Without this, a
# same-day npm release lands in the weekly PR and CI red-flags it
# with ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION until the version
# ages — a recurring false-red. 2 days clears the 24 h gate with
# margin for the create→CI-install delay. Security advisories come
# through their own path and aren't held back by this.
cooldown:
default-days: 2
open-pull-requests-limit: 5
groups:
minor-and-patch:
Expand Down
Loading