mporwoll/cms.c2sgmbh
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/cms.c2sgmbh.git synced 2026-03-17 17:24:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cms.c2sgmbh/.github/dependabot.yml
Martin Porwoll 1932ad26ef deps: target develop branch for 
Dependabot PRs

  Aligns with git-flow: updates go through develop before main.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 16:53:50 +00:00

71 lines
1.7 KiB
YAML
Raw Blame History

# Dependabot configuration for automated dependency updates
# Critical: CVE-2025-55182 compromise was caused by delayed security updates
version: 2
updates:
# npm (pnpm) dependencies - daily checks for security-critical updates
- package-ecosystem: "npm"
directory: "/"
target-branch: "develop"
schedule:
interval: "daily"
time: "04:00"
timezone: "Europe/Berlin"
labels:
- "dependencies"
# pnpm is auto-detected via lockfile
versioning-strategy: "increase"
open-pull-requests-limit: 20
groups:
payload-core:
patterns:
- "@payloadcms/*"
- "payload"
- "payload-oapi"
update-types:
- "minor"
- "patch"
react-nextjs:
patterns:
- "react"
- "react-dom"
- "next"
- "@types/react"
- "@types/react-dom"
- "eslint-config-next"
update-types:
- "minor"
- "patch"
fullcalendar:
patterns:
- "@fullcalendar/*"
update-types:
- "minor"
- "patch"
dev-dependencies:
dependency-type: "development"
update-types:
- "minor"
- "patch"
exclude-patterns:
- "@types/react"
- "@types/react-dom"
- "eslint-config-next"
commit-message:
prefix: "deps"
prefix-development: "deps(dev)"
include: "scope"
# GitHub Actions - weekly updates
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "develop"
schedule:
interval: "weekly"
day: "monday"
time: "04:00"
timezone: "Europe/Berlin"
labels:
- "dependencies"
commit-message:
prefix: "deps(actions)"
Reference in a new issue View git blame Copy permalink