mirror of
https://github.com/GSA/notifications-api.git
synced 2026-05-11 19:48:38 -04:00
23 lines
1.0 KiB
YAML
23 lines
1.0 KiB
YAML
# To get started with Dependabot version updates, you'll need to specify which
|
|
# package ecosystems to update and where the package manifests are located.
|
|
# Please see the documentation for all configuration options:
|
|
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
|
|
|
|
# Note: Setting open-pull-requests-limit to 0 disables automatic version update PRs.
|
|
# Security updates are still active and managed separately in repository settings under
|
|
# "Security & analysis" > "Dependabot security updates"
|
|
|
|
version: 2
|
|
updates:
|
|
- package-ecosystem: "pip" # See documentation for possible values
|
|
directory: "/" # Location of package manifests
|
|
schedule:
|
|
interval: "daily"
|
|
open-pull-requests-limit: 0 # Disable version update PRs; security updates still active
|
|
labels:
|
|
- "dependabot" # Custom label to identify Dependabot PRs
|
|
ignore:
|
|
# gevent 25.8+ breaks Celery/Kombu compatibility (potentially)
|
|
- dependency-name: "gevent"
|
|
versions: [">=25.8.0"]
|