mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 17:24:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cms.c2sgmbh/.github/dependabot.yml
Martin Porwoll 0065712752 deps: add Dependabot config for automated dependency updates 
- Daily npm dependency checks at 04:00 Europe/Berlin
  - Grouped updates: payload-core, react-nextjs, fullcalendar, dev-deps
  - Weekly GitHub Actions updates
  - Auto-merge workflow for patch updates after CI passes
  - Minor dev-dependency updates also auto-merged
  - Critical after CVE-2025-55182 incident on 2025-12-09
2026-02-23 08:53:19 +00:00

69 lines
1.7 KiB
YAML
Raw Blame History

# Dependabot configuration for automated dependency updates
# Critical: CVE-2025-55182 compromise was caused by delayed security updates
version: 2
updates:
# npm (pnpm) dependencies - daily checks for security-critical updates
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
time: "04:00"
timezone: "Europe/Berlin"
labels:
- "dependencies"
# pnpm is auto-detected via lockfile
versioning-strategy: "increase"
open-pull-requests-limit: 20
groups:
payload-core:
patterns:
- "@payloadcms/*"
- "payload"
- "payload-oapi"
update-types:
- "minor"
- "patch"
react-nextjs:
patterns:
- "react"
- "react-dom"
- "next"
- "@types/react"
- "@types/react-dom"
- "eslint-config-next"
update-types:
- "minor"
- "patch"
fullcalendar:
patterns:
- "@fullcalendar/*"
update-types:
- "minor"
- "patch"
dev-dependencies:
dependency-type: "development"
update-types:
- "minor"
- "patch"
exclude-patterns:
- "@types/react"
- "@types/react-dom"
- "eslint-config-next"
commit-message:
prefix: "deps"
prefix-development: "deps(dev)"
include: "scope"
# GitHub Actions - weekly updates
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "04:00"
timezone: "Europe/Berlin"
labels:
- "dependencies"
commit-message:
prefix: "deps(actions)"
Reference in a new issue View git blame Copy permalink